The Commission establishes sentencing policies and practices for the federal courts. Each year, the Commission reviews and refines these policies in light of congressional action, decisions from courts of appeals, sentencing-related research, and input from the criminal justice community.

In this section, you can follow the Commission’s work through the amendment cycle as priorities are set, research is performed, testimony is heard, and amendments are adopted.

The U.S. Sentencing Commission is an independent agency in the judicial branch that was created as part of the Sentencing Reform Act of 1984. Commissioners are appointed by the President and confirmed by the Senate. The Attorney General, or the Attorney General’s designee, and the Chair of the U.S. Parole Commission serve as ex officio, nonvoting members of the Commission.

In this section, learn about the Commission’s mission, structure, and ongoing work.

COMMISSIONER GOLDSMITH: Our next session deals with cases sentenced under the
organizational guidelines. Our next panel will provide a preliminary look at
this topic.

Because answering the question, "What do the cases show?" requires a
two-part answer, we have two speakers: John Scalia of the Commission's research
staff, and Kirk Jordan of the Compliance Systems Legal Group.

The reason for this two-part approach is as follows: The guidelines have thus
far been applied only to cases involving more recent conduct; and, second,
bigger cases typically have a longer gestation period. Sentencing Commission
data, on which John Scalia will report, may not tell the full story of the
guidelines' impact, especially on larger companies. Kirk Jordan will therefore
provide a fuller picture of the relevance of compliance programs by talking
about criminal cases that, while technically pre-guideline, appear to have been
influenced by guideline factors. He will also talk about civil cases in which
compliance has proven to be relevant.

John Scalia, Jr., is a research associate at the U.S. Sentencing Commission.
In this capacity, Mr. Scalia has served on numerous working groups dealing with
white-collar crime and organizational defendants. He was responsible for
collecting the past practice sentencing data on organizational defendants.
These data were used to inform the development of the Chapter Eight guidelines
for organizations. He continues to oversee the collection of data on
organizational sentencing pursuant to the guidelines.

Kirk S. Jordan is the President of Compliance Systems Legal Group, a law and
consulting firm in Warwick, Rhode Island. Compliance Systems Legal Group
designs and implements compliance programs for organizational clients and is a
leader in the development of interactive, computer-based ethics and compliance
training applications. Before founding Compliance Systems Legal Group, Mr.
Jordan was associated with the law firm of Skadden Arps. Mr. Scalia?

MR. SCALIA: Thank you, Commissioner. When the Commission began developing
the organizational guidelines, no comprehensive database of past sentencing
practices for organizational defendants existed. Consequently, the Commission
did extensive empirical research on organizational sentencing practices in the
federal courts.

The Commission's study revealed that a very small proportion of the federal
caseload actually involved organizational defendants. Of the approximately
40,000 criminal cases sentenced each year, fewer than 400 involved
organizational defendants. Chart 1 indicates that the number of organizations
sentenced each year is fairly stable, between 300 and 400 cases a year.

Since the organizational guidelines went into effect in 1991, 208
organizations have been sentenced pursuant to Chapter Eight according to
documentation received by the Commission as of June 30, 1995. The Commission
received an additional 72 organizations that were sentenced pursuant to the
former antitrust guideline that was in place prior to the Chapter Eight
guidelines. Chart 2 describes the number of organizations sentenced each year
pursuant to the guidelines.

Why so few cases? Most of the organizational cases are rather complex frauds
or market allocation agreements that involve lengthy investigations before
charging decisions can be reached. Second, even though the Chapter Eight
guidelines took effect in November 1, 1991 (and according to statute should be
applied to all sentencings that occur on, or after, that date), the Department
of Justice has instructed prosecutors, in light of relevant court decisions, the
guidelines should only be applied to offenses that occur on, or after, November
1, 1991. Therefore, consistent with the Commission's expectations, the majority
of the organizations sentenced over the past four years are sentenced pursuant
to pre-guideline rules. Of the 197 organizations sentenced during fiscal year
1994, only 106 (or 54 %) were sentenced under the guidelines.

The Commission's data indicate that the majority of organizations sentenced
for criminal offenses are closely held organizations. From its study of
pre-guideline practice, the Commission found that approximately 90 percent of
the organizations sentenced involved closely held organizations. Under
guideline practice, approximately 97 percent involved closely held
organizations. Openly traded organizations, public traded organizations,
typically account for a relatively small percentage, approximately nine percent
of past practice and only three percent of guideline practice.

Why are we seeing a significantly smaller proportion of publicly traded
organizations? These cases tend to be larger and more complex, and it often
takes longer for them to work their way through the system. Secondly,
prosecutors may be opting to pursue these cases civilly rather than criminally.
(Kirk Jordan is going to talk about the civil cases and large non-guideline
criminal cases.) In time, we should see more publicly traded organizations
sentenced under the guidelines.

Consistent with the fact that most of them are closely held organizations,
owners and top management are frequently named as co-defendants and convicted in
tandem with the organization. Of the 264 closely held organizations sentenced
thus far, an owner or top executive was convicted in approximately 51 percent,
or 134, of these cases; 189 owners or top executives were convicted in all.

Consistent with what Bill Laufer found in his study, the organizations
sentenced under the guidelines typically employ fewer than 50 people. Chart 3
indicates that the overwhelming majority, 56 percent, employed fewer than 20
persons, and another 23 percent employed between 20 and 100 people. A very
small percentage employed fewer than 500. Under the Small Business
Administration criteria, those organizations employing fewer than 50 people
would be classified as extremely small organizations.

The organizations sentenced under the guidelines tend to be fairly new. Fifty
percent have been in business for less than 15 years. Antitrust defendants have
typically been in business or significantly longer, about 37 years. Most of the
organizations continued to operate after indictment and conviction; however,
many had ceased operations or were experiencing financial stress at the time of
sentencing. Chart 4 indicates that 22 percent went out of business sometime
around indictment or before sentencing; three percent were undergoing
bankruptcy; ten percent were undergoing some other financial stress; and 65
percent remained solvent and operating.

The guidelines provide for a corporate death sentence for organizations
identified as criminal purpose. Under the guidelines, an organization that is
defined as criminal purpose is divested of its assets. Fourteen organizations
have been sentenced under this provision of the guidelines.

Chart 5 indicates that the majority of the offenses for which defendants were
convicted are either antitrust offenses, representing 32 percent of the
offenses; fraud offenses, about 30 percent; environmental, 12 percent; tax
violations, 9 percent; and food and drug violations, 3 percent. As Rusty
Burress pointed out yesterday morning, the environmental and the food and drug
violations are not covered by the guideline fine provisions.

With respect to the fraud offenses that have been sentenced, the loss to the
victims is relatively modest. The loss is typically less than $30,000. In only
seven of the cases did the loss actually exceed $1 million.

With regard to the antitrust offenses, the volume of commerce that was
affected by the offense was typically less than $4 million; however, in nearly a
third of the cases, the volume of commerce did exceed $10 million over the
course of the offense.

The culpability score is an essential part of assessing the organization's
blameworthiness with respect to the offense. The most significant culpability
factor has been level of authority and the size of the organization. Chart 6
describes the application of this factor. Because most of the organizations are
small receive no enhancement or only receive a one-point enhancement for this
adjustment: 46 percent received no enhancement; 38 percent received a one-point
enhancement; and only one organization, which would be a 5,000-person
organization, received a five-point enhancement.

Some of the other culpability factors, such as prior history, violation of an
order, and obstruction of justice, are rarely applied. According to past
practices, these factors were rarely present in those cases.

Four defendants apparently have sought credit for having a compliance program,
but credit for a compliance program has only been awarded in one case. While
the defendant did receive credited for having an effective program, the unique
facts of this case limit its usefulness as a model - especially for larger
companies. The defendant was in the business of selling smoking paraphernalia.
Due to the nature of the products sold, the defendant recognized the inherent
risk of selling those products: the products could be used as drug
paraphernalia, which the sale of is prohibited under federal law. In order to
prevent violations of the drug paraphernalia laws, the organization produced a
training video to instruct employees that they should refuse to sell items to
any customer who inquires about drug paraphernalia or indicates that the items
will be used as such. The court felt that given the small size of the
organization, a videotape in conjunction with verbal instructions issued by the
owner represented an appropriate degree of formality to prevent and detect
violations of the drug paraphernalia law. The organization was credited with
having an effective program.

In the three other cases in which the defendant claimed to have a compliance
program, credit was denied. The court cited the following reasons for not
applying the mitigation: (1) The corporate president was actively involved in
the offense conduct; (2) the corporate president, while not actively involved in
the offense conduct, was aware of the illegal conduct; and, (3) while the parent
organization had an effective program, the program was not in effect at the time
of the offense at the newly acquired subsidiary where the offense actually
occurred.

The last culpability factor is self-reporting, cooperation, and acceptance of
responsibility. Chart 7 indicates that 87 percent of the defendants received
credit for accepting responsibility to some degree. Chart 7 also indicates that
most defendants received two points for cooperation; others received one point
for acceptance of responsibility. Three defendants did receive the full five
points for self-disclosure of the offense. In each of these three cases, the
defendants were under investigation. As the defendants conducted their own
internal review regarding the nature of the infractions, the defendant informed
the government of the pertinent facts.

Under the guidelines, approximately 80 percent of the organizations received a
sentence that included a criminal fine. The average fine imposed was $376,000.
Chart 8 indicates the average fine imposed on the organization by offense type.
It indicates that the highest fines were paid by antitrust defendants and fraud
defendants.

Just as an aside, there was one racketeering defendant and it was sentenced as
a criminal purpose organization - the organization was divested of its assets.

Chart 9 compares guideline practice with past practice. The chart indicates
that the fines have increased significantly, mostly as a result of the antitrust
and the fraud cases.

Restitution was ordered in about 33 percent, or 68, of the cases. The average
amount of restitution was nearly $300,000.

In promulgating the Chapter Eight guidelines, the Commission emphasized the
importance of probation as a sanction. Because probation provides a means of
maintaining control over an organization following an offense, the guidelines
require probation under certain circumstances.

Under the Chapter Eight guidelines, probation has been ordered in 61 percent
of the cases. Consistent with the directive in Chapter Eight, this represents a
significant increase over past practice. Under pre-guideline practice,
probation was ordered in only 21 percent of the cases. The data indicate that
probation was imposed in 72 percent of the cases primarily to secure payment of
monetary penalties; however, in 14 percent of the Chapter Eight cases, the
defendant was ordered to implement a compliance program to prevent and detect
future violations. The case documents, however, provide no detail on how the
program should be implemented.

The Commission's data is available through the University of Michigan. There
are four data files, two for past practice and two for guideline practice. You
can contact the Commission on how to specifically obtain that data. Thank you
very much.

COMPLIANCE CRITERIA IN CONSENT DECREES

MR. JORDAN: Good morning. In the fall of 1993, C. R. Bard, Inc., a medical
device maker, settled civil and criminal charges arising out of the company's
manufacture and shipment of allegedly defective heart catheters. Part of Bard's
plea agreement included a far-reaching compliance program. In reading that
agreement, and in particular, the compliance program imposed on Bard, I was
struck by how closely the compliance program tracked the organizational
sentencing guidelines' seven due diligence criteria. This was true even though
the Bard case technically was not covered by the organizational sentencing
guidelines - because the conduct at issue had occurred prior to the effective
date of the guidelines and, of course, the case had pled out prior to trial.

After the Bard compliance program came down, we undertook an informal review
of other consent decrees and plea agreements entered since the guidelines became
effective, in which compliance programs or portions of compliance programs have
been imposed. Some of these pre-dated Bard, and many have come after. To date,
we have looked at about three dozen such compliance programs and plea
agreements.

Our survey was not exhaustive. As you might expect, it is difficult to track
all of these down. Many are unreported. However, I think we have a
representative sample here in the three dozen, and I think we have most, if not
all, of the major cases in which compliance programs were imposed.

As the data reflect (see charts following John Scalia's presentation),
since the guidelines became effective, compliance programs have been imposed by
a cross section of regulatory agencies in connection with the settlement of a
variety of underlying civil and criminal offenses. It is important to remember
that technically none of these cases falls under the organizational sentencing
guidelines for the reasons I mentioned about the Bard case; either the conduct
at issue occurred prior to November 1, 1991, or they're civil settlements.
Nevertheless, the compliance programs imposed in these cases provide some
guidance on what the government is looking for in an organization's compliance
program.

I would like to make a few general observations about the consent decrees and
then highlight some of the main compliance criteria contained in these consent
decrees and plea agreements.

First of all, a few general observations. Several of the compliance programs
closely track the organizational sentencing guidelines' due diligence criteria.
Bard is one that I have already mentioned. Bard was primarily a criminal case.
The Grumman case is another. It was a civil settlement intended to head off the
filing of criminal charges against the company. And the Lucas Aerospace case is
another one that is a criminal case but closely tracks the organizational
sentencing guidelines' requirements.

The National Medical Enterprises (NME) case and the Caremark case - we heard
about NME yesterday. Both settled health care fraud and related charges, and
the compliance programs imposed are very similar to each other. Those two
programs also incorporate a fair portion of the organizational sentencing
guidelines' due diligence criteria.

I would like to make a couple points in particular about the Bard, Grumman,
and Lucas cases, and these points do apply to some of the other cases on the
table.

First of all, the Bard, Grumman, and Lucas cases all closely follow the
guidelines. In fact, the Grumman and Lucas cases almost lift the language
verbatim from the due diligence criteria section of the guidelines. All three
involve large companies - I think they're all public companies - which may be at
odds with some of the information we have been talking about earlier and the
information contained in last week's Wall Street Journal article. And
all three of these would have been organizational sentencing guideline cases if
the conduct had occurred after the effective date of the guidelines and the
cases had not pled out prior to trial and conviction.

The second point is that several of the more detailed compliance programs,
including, for example, the Bard case, Grumman, Lucas, and the Caremark case,
are designed to prevent and detect violations of all laws affected by the
company's business operations, not just the type of violations at issue in the
underlying settlements. For example, the Grumman and Lucas programs are
supposed to prevent all "improper business conduct."

The instances where compliance programs have been imposed cut across the
enforcement agencies and involve both civil and criminal prosecutions of a
variety of underlying offenses. If we discuss these cases by agency, we see
that the Department of Justice has been the most active, both through its
Criminal Division and its various Civil Divisions. In fact, the Department of
Justice Civil Antitrust Division was responsible for settling the largest single
group of consent decrees in which compliance programs were imposed. There are
approximately 15 antitrust compliance settlements. The compliance programs
imposed in connection with those settlements tend to be the same one to the
next. The language is almost identical.

The Department of Justice, with respect to criminal cases, usually
collaborated with one of the regulatory agencies. For instance, in several
cases DOJ's criminal division collaborated with the EPA to settle environmental
offenses, and, in many cases, there were parallel civil and criminal
prosecutions.

In the environmental area, we see that there is not much distinction between
the compliance programs imposed in cases settling civil versus criminal
allegations. As an example, I point you to the Louisiana-Pacific case, which
was a civil settlement of a Clean Air Act violation in which a rather rigorous
compliance program was imposed, and compare that program to the Consolidated
Edison case, which settled criminal charges arising under EPCRA. In the Con
Edison case, a court-appointed monitor is directed - as part of probation that
the company is put under - to develop and implement an effective program to
prevent and detect violations of environmental laws under the standards
established by the organizational sentencing guidelines.

The Department of Justice also collaborated with the Department of Health and
Human Services on two major health care fraud cases: the National Medical
Enterprises cases and the Caremark case. We heard about the NME case yesterday
from John Meyers. The compliance programs imposed in connection with these two
settlements are very similar. And, as John Meyers pointed out yesterday, the
NME case, which was the first of the two, is expected to be a model in this
area.

A legitimate question from all of this is: Are there any trends? The consent
decrees and plea agreements that we have seen show some similarities across
offenses - that is, if it is an antitrust offense, you have a good idea what
your compliance program is going to look like. Similarly, if you settle health
care fraud charges, you know that you are going to have a consent decree that
imposes a compliance program like the one in the NME and Caremark case. And if
you work in the FDA-regulated area, you would want to take a look at the Bard
case. But I think it is too early to identify any specific trends that cut
across the enforcement agencies.

It appears that the consent decrees and plea agreements reflect little, if
any, policy coordination across the various enforcement agencies, and I think
this would be very useful to companies. It would give companies some
predictability because companies' operations obviously cut across enforcement
agencies. And perhaps we can hear a little bit about this from the enforcement
community later today.

Having said all that, and although there doesn't appear to be any direct
policy coordination across the enforcement agencies, there are certain elements
that tend to recur in these compliance programs, that are worth noting. The
first, and one that appears to be very significant to the government, is the
establishment or reaffirmation of strong compliance oversight, and management
systems generally involving the appointment of a compliance officer, senior
management involvement, and active participation of the board of directors.

For example, all of the antitrust compliance programs require the appointment
of an antitrust compliance officer to be in charge of the company's antitrust
compliance program. In the Bard case, we have the appointment of a compliance
coordinator to oversee the company's entire compliance program. In Caremark, we
have a compliance officer. In Grumman, there is a vice president of audit and
ethics.

The government does not appear to be too concerned, at least in these cases,
about who the compliance officer is. He or she clearly has to have sufficient
power and authority to meet the guidelines' requirement, but doesn't necessarily
have to be a lawyer; in Caremark's case, it is the CFO; in Bard's case, it is
the vice president for scientific affairs.

Another feature of many of these compliance programs is the creation or
reconstitution of board committees to monitor compliance within the organization
and to interface with compliance officers. These committees are often made up
entirely of outside directors or a majority of outside independent directors.
These committees are expected to take an active role in the compliance efforts,
reviewing codes of conduct and other policy statements, interfacing with
compliance officers, getting reports on a regular basis from compliance
officers. And I point you to the Bard case, Grumman, NME, and Summerville
National Bank, among others, as examples of cases where strong board committees
have been appointed.

Also, we see in many cases the reconstitution or creation of new senior
management committees to take some responsibility for compliance and to give
overall corporate direction to the company's compliance program. The compliance
officer is usually a member of these committees.

Several of the consent decrees discuss the issue of the delegation of
substantial discretionary authority. The Bard, NME, and Caremark cases have
language treating this issue, and in a related provision, several of the
programs, including the health care fraud compliance programs and the Grumman
case, require that managers and supervisors' efforts to promote adherence to the
company's compliance program be an element of the manager's performance
appraisal process.

Many of the consent decrees also require companies to continue, update, or
adopt new codes of conduct or similar written compliance policy statements, and
also call for the drafting of additional written policies and procedures which
are designed to prevent the recurrence of the misconduct underlying the
settlement.

A majority mandate some form of training. The antitrust compliance programs
require an annual briefing on the antitrust laws to key employees. The more
detailed programs typically require some training of virtually all employees.
These would include the Bard, the NME, Caremark programs; Denny's, which was a
civil case settling public accommodation laws violations; and Grumman and Lucas
also appear to require such training. Several make it clear that the training
must be administered on an annual basis to all employees.

To the extent that the programs treat the issues of monitoring and auditing,
two features seem to be emphasized: misconduct reporting systems - and where
these are stressed, the feature that the employee be able to report it without
fear of retribution is very important. Audits are also emphasized. The
important factor there is that the auditor should be independent of the
facilities or personnel they are auditing - not necessarily an outside auditor,
but independent.

Few say much about enforcement. The most substantial is the Bard case, which
tracks the guidelines language by requiring the creation of an organization-wide
consistent disciplinary system for compliance violations.

To the extent that the decrees treat the issue of appropriate responses after
an offense, three things are emphasized: conducting investigations, halting any
ongoing violations, and requiring the reporting of substantiated offenses to
appropriate governmental agencies.

Finally, these cases make one more point: if a compliance program is imposed,
the government and the courts can be expected to be intimately involved in the
company's subsequent compliance efforts, and in the company's actual business
operations. Virtually all the decrees have one or more of these features, and
they're very similar to the probation provisions of the organizational
sentencing guidelines. You have court appointed monitors to oversee the
company's compliance program. You have consultants who have full and unfettered
access to books and records and to people in the organization. Also, companies
are often required to get approval for all or part of their programs from the
government or the courts. Many of the companies must give regular reports to
the government or the appropriate regulatory agency, in some cases as often as
every four months. The lesson here is, to echo what John Meyers said yesterday,
a company is much better off voluntarily putting a compliance program in place
rather than having one put in place in response to a consent decree or a plea
agreement. Thanks a lot.

QUESTIONS & ANSWERS

COMMISSIONER GOLDSMITH: Mr. Scalia, you have indicated that only four
organizations had sought credit for a compliance program. The questioner says,
"I thought the Sentencing Commission had reported that 31 organizations
sought credit between November 1991 through 1993, and eight in other cases in
1993 to 1994."

MR. SCALIA: No. In our annual report, in the past two years we have only
reported four. The first year we had the drug paraphernalia case, and then last
year we reported that three cases didn't receive credit for their programs.

COMMISSIONER GOLDSMITH: Mr. Jordan, you mentioned officer and board
involvement. Can you comment on director and officer liability?

MR. JORDAN: Well, I think actually Richard Gruner can speak to that at
length. As some of you may know, under the ALI corporate governance principles,
board members and senior management are subject to potential personal liability
if they have not instituted adequate compliance controls and procedures,
particularly in a public company.

I think the government's intent here with respect to the establishment of
strong compliance and oversight structures at the top is to involve the highest
governing bodies in the organization with the company's compliance program.

COMMISSIONER GOLDSMITH: Mr. Scalia, have any companies been found to violate
probation? If so, what happened? Have any assistant U.S. attorneys verified
compliance with probation requirements, especially those dealing with compliance
programs?

MR. SCALIA: Unfortunately, the Commission doesn't collect post-sentencing
information, so we don't have any way of knowing to what extent companies
violate probation.

A. The imposed compliance programs suggest that the government places great
importance on the establishment of strong compliance oversight and management
systems, including senior management and board involvement. Thus, in examining
organizations' compliance programs, the government is likely to take a hard look
at whether officers, senior managers, and, particularly for a public company,
the board of directors are active in overseeing and monitoring the
organization's compliance programs. At the same time, emerging standards of
liability, in such pronouncements as the 1994 ALI Principles of Corporate
Governance and the 1994 Corporate Director's Guidebook, suggest that officers
and directors have an affirmative duty to ensure that the organization
establishes adequate compliance systems and controls. These pronouncements
suggest that officers and directors may face personal liability for failing to
do so.

Q. It seems the government is seeking different compliance requirements in
different cases. Do you have insight into why? Are your persuaded these
differences make sense?

A. There appears to be little, if any, policy coordination among the
Department of Justice and the assorted regulatory agencies that have imposed
compliance programs since the guidelines became effective. However, two points
should be emphasized: The compliance programs imposed for the same type of
offense tend to be very similar. For example, the imposed antitrust compliance
programs are almost identical, and the programs imposed in the National Medical
Enterprises and Caremark cases, both for health care fraud and related
violations, are very similar. Second, certain elements tend to recur across the
consent decrees and plea agreements in which compliance programs were imposed.
These elements generally track - and, more importantly, flesh out - the
guidelines' due diligence criteria: strong compliance oversight and management
structures, including the designation of specific personnel to oversee
compliance; the creation and communication of compliance standards and
procedures; monitoring and auditing systems, such as hotlines and independent
auditors; and violation response systems.

MR. SWENSON: Good morning, again. At yesterday's lunch, Senator Kennedy spoke
of the guidelines' promise of reduced penalties for companies that act as good
citizens. But he also cautioned that if collateral, non-criminal penalties that
a company might face do not turn on the same good citizenship criteria, the
value of the guidelines' promise - and the policy that underlies that promise -
may be diminished.

When it wrote the organizational sentencing guidelines in 1991, the Sentencing
Commission recognized that companies facing guideline penalties might well face
other kinds of collateral sanctions. However, the Commission determined that
the question of coordinating criminal and other penalties was largely beyond its
jurisdiction and control. The guidelines do permit courts to take collateral
penalties into account in choosing the fine within the allowable guideline
range, but that is really the extent of coordination of penalties under the
guidelines.

Today we reopen the discussion, without taking a position on it at this point,
but with a significantly broader view because coordination issues really go
beyond the question of whether guideline penalties should better account for
other sanctions. Coordination issues fundamentally include the question of
whether the many enforcement tools and policies used by the federal government
are in sync. I think that was the thrust of Senator Kennedy's remarks
yesterday.

Exploring these issues this morning will be three distinguished speakers with
distinct backgrounds: one from government, one from a large corporation, and one
from academia.

Our first speaker is the Honorable Eleanor Hill. Since March 1995, Ms. Hill
has served as the Inspector General of the Department of Defense. In this role,
she oversees what might be considered the largest and best established
government coordination policy: the Defense Department's Voluntary Disclosure
Program. This program will be the focus of Ms. Hill's remarks this morning, and
in keeping with our policy of trying to keep the train running on time, I'll
refer you to the program book for a full description of Ms. Hill's most
impressive bio. But let me say here that she has had a remarkable career in a
relatively few number of years, spanning work in Congress, as a federal
prosecutor, and a trial attorney.

Before calling on Ms. Hill, I should note that due to the press of other
obligations, she is going to have to leave following her remarks. However, we
are pleased to have Bruce Drucker here to answer questions that you may have in
the wake of Ms. Hill's remarks. Bruce is the Deputy Assistant Inspector General
for Criminal Investigative Policy and Oversight, and I guess in practical terms,
Ms. Hill's point person for the voluntary disclosure program.

On that note, it is my very great privilege to introduce the Honorable Eleanor
Hill.

MS. HILL: Good morning, and thank you for the opportunity to be with you here
today. I am particularly pleased to be even a small part of the efforts of the
Sentencing Commission to work with you on the very important issue of corporate
crime in America. As Win mentioned, I have been Inspector General at the
Department of Defense for only about six months now, so I am still relatively
new in dealing with the Defense Department's voluntary disclosure program.
However, in my prior life, both as a federal prosecutor and as a staff member in
the U.S. Senate for almost 15 years working a lot on crime issues and law
enforcement issues, I can tell you that I am very familiar with the issues you
are looking at - corporate crime, the issue of compliance, corporate good
citizenship.

In fact, in the Senate I can remember - only too well, perhaps - the many long
hours of work that went into drafting and negotiating the final passage of the
legislation that gave birth to the Sentencing Commission. I can tell you that
many people worked very, very hard to get that legislation passed and to get it
done in what they felt was the best way. So I am particularly pleased, and it
is very reassuring to me, to be here many years later and see that the
Commission is not only a leader in reforming the sentencing process, but is also
working very hard with the private sector in forums such as these on other
issues, including corporate compliance and corporate good citizenship.

I have been asked this morning to talk about the voluntary disclosure program
in the context of the concept of the good citizen corporation, which I
understand is the subject of this forum, as well as the need for improved
corporate accountability. Both of those concepts, I believe, necessarily imply
developing an increased sensitivity to what is and what is not appropriate
behavior in the corporate arena. That task is never easy, often thankless, but
nevertheless always critically important.

In the rush to compete and to achieve, our society's focus on ethics has too
often been too little and too late. General Omar Bradley once commented, "The
world has achieved brilliance without conscience. Ours is a world of nuclear
giants and ethical infants."

The Department of Defense voluntary disclosure program in my view is our
effort to energize an active corporate conscience of sorts in the defense
industry. Discussing the voluntary disclosure program could, indeed, be a topic
for an entire day's seminar by itself. Fortunately for you and for me, the
schedule this morning doesn't permit us to do that.

Briefly, I am going to try to give you some idea about the program's genesis,
about the processes under which it operates, and our best estimates as to its
effectiveness and what our experience indicates it tells us about contractor
efforts at self-governance in the defense industry.

In the early and mid-1980s, both the defense industry and the government faced
an important, serious dilemma. There was a need to responsibly address reports
of widespread fraud in defense contracting. The media had widely publicized
cases of investigations of defense contractors for such offenses as cost
mischarging, defective products, false statements, and false certifications. At
the same time, the government and the industry needed to maintain a stable,
cooperative, and productive relationship. The challenge for both was to do this
while, in an oftentimes adversarial process, closely scrutinizing and
investigating allegations of fraud in the industry. And that is not an easy
task because there are natural tensions, obviously, when you get into the
investigative mode.

During the same time period, the Department of Defense realized the need for a
better and a more coordinated approach to fraud investigations, an approach that
balanced in the most productive way possible all the available remedies -
criminal, civil, administrative, and contractual.

The department to do this created something called the coordination of
remedies program to ensure that all of those remedies were considered in a
balanced and timely fashion. The approach encouraged the exchange of
information between independent remedies authorities while attempting to also
ensure that an action by one entity would not adversely affect the ability of
another to use other available actions. As a result, the number of indictments,
convictions, monetary recoveries, suspensions, and debarments all rose
dramatically. Unfortunately, although this was beneficial to the government in
one sense, it also inevitably increased tensions in the industry between the
industry and the government.

Recognizing the need for a new approach, President Reagan created the Blue
Ribbon Commission on Defense Management, commonly referred to as the Packard
Commission after its Chairman, David Packard. The Commission, among other
things, was established to find better ways to manage the business relationship
between industry and government. The Commission's report, which was issued in
1986, recommended, among many other significant things, that contractors
establish ways to implement stronger industry-wide principles of accountability.
Even more specifically, the Commission report recommended that contractors
disclose to the government irregularities that they discover in the course of
their own accountability procedures.

The Commission recommended that the Defense Department also implement its own
program, with appropriate incentives to encourage contractors to, in fact,
voluntarily disclose this type of information to the government. To their
credit, the major defense contractors acted almost immediately upon receipt of
the Packard recommendations. The Defense Industry Initiative for Business
Ethics and Conduct was established, and along with it there was an adoption of
principles which, in fact, endorsed aggressive self-governance in industry and
voluntary disclosure of violations of federal criminal and civil procurement
laws.

The Department of Defense, not to be outdone, also reacted, both in response
to the Commission's report and to the disclosure of some 14 matters by
contractors to the department. Deputy Secretary of Defense Taft signed a
memorandum in July of 1986, not only encouraging contractors to make disclosures
to the Defense Department, but also establishing the procedures that were to
become the voluntary disclosure program.

The program continues to operate today, with both my office and the
department's senior management strongly committed to its success. It provides a
formal framework in which self-governance efforts by contractors interface with
government compliance and remedies programs in the department. It is not a
means for excusing contractors for improprieties or illegalities; rather, the
program encourages contractors to demonstrate to their employees their
commitment to ethical business practices by helping the government to hold
individuals accountable for improprieties.

Under the program, matters of potential criminal or civil fraud relating to
the contractual relationship between the department and the industry can be
brought to the Inspector General at the department by a contractor. Matters of
administrative oversight, for instance, accounting issues, costing, pricing, et
cetera, which do not involve any knowledge or intent to defraud, are brought
instead to the administrative contracting officer or to the Defense Contract
Audit Agency.

I want to take just a minute to discuss what the program does and does not do.
First, the voluntary disclosure program is not an amnesty program. Action can
be taken against corporations as well as individuals that are involved in
matters that have been disclosed. On the other hand, good-faith cooperation and
disclosure by the contractor is certainly considered favorably by the government
in determining what action should be taken.

In reality, the program rests on three premises. First, that the department
would be hard pressed if it found that it could no longer do business with a
large number of its largest contractors, and, in fact, in the worst-case
situation that could happen, particularly in an instance where a contractor, a
large defense contractor, had a second or third conviction. Once beyond the
first conviction, it gets harder to escape the possibility that that contractor
might, in fact, be suspended or debarred, and thus end, at least for a time, the
relationship with the department.

The second premise is that the department must make every effort to eliminate
the perception - particularly the public perception, which was at a height
probably in the mid-1980s - of the defense programs and industry as inefficient
and corrupt. That certainly does not help the industry, and it does not help
the Department of Defense in its justification of its programs to the Congress
and to the President.

Third, a contractor is better off reporting problems rather than running the
consequences of independent detection by the government, and I will tell you a
little bit about what we do in the program to support that conclusion.

The program offers contractors several advantages: one, expedited
investigation and audit of a matter; two, early identification of the DOD
component which is designated to make suspension and debarment decisions in the
matter. This, of course, serves to facilitate contractor communications from
the outset regarding possible remedial actions by the government. And, three,
an agreement that the Department of Defense will advise the Justice Department
of the nature of the disclosure, the extent of the contractor's cooperation, and
the types of corrective action that have been taken by the contractor. This
last item is perhaps the most attractive to industry.

A corollary of probably equal benefit to the industry is the nature of the
Justice Department process for handling voluntary disclosures under the program.
It is not the usual prosecution and investigative process which is carried out
in most cases that are not handled under the program.

In effect, the Justice Department has removed the uncertainties and the
inconsistencies that would otherwise be inherent in the possible exposure to any
number of different United States Attorney's offices in the country by
identifying the Defense Procurement Fraud Unit in the Department of Justice as
the central point for the Criminal Division in addressing the criminal aspects
of these cases. So, in other words, there is one unit in the department that
handles all the decisions on those cases as opposed to being handled by
individual different prosecutors with different impressions in the field, so to
speak.

While the program certainly offers advantages to contractors, on the other
hand it also requires that contractors do certain things. First, to gain the
benefits of the program, a contractor must make a disclosure of a matter
voluntarily and not because of a belief or a knowledge that the facts of the
case have been known or are about to be discovered by the government. Prior
government knowledge of the facts does not necessarily preclude acceptance into
the program as long as there is no evidence that the contractor knew of the
government's involvement. In other words, obviously a contractor who is doing
something wrong and realizes that the government or someone is about to find out
about this cannot head it off, so to speak, by then going to the voluntary
disclosure program. Good-faith cooperation is always viewed more favorably than
its absence. We, along with the Justice Department, will evaluate a
contractor's cooperation in any matter in determining the nature and degree of
remedies appropriate for the case.

Two, the disclosure must be made on behalf of the business entity and not be
made as admissions by individuals, officers, or employees. In other words, the
corporation, the entity itself, must make the disclosure, not the individual.

Third, appropriate action, including appropriate corrective and disciplinary
action, as well as restitution to the government, must be taken by the
contractor. So, in other words, the contractor must do something to correct the
problem. Also, it is not a strict requirement, but in many of our cases, the
contractors themselves will actually conduct their own investigation of the
allegations. Sometimes that's done before they bring the matter to the
department because they obviously want to verify it, and sometimes they, in
addition, follow up with a more detailed investigation after that, which we then
review and can supplement if we feel it needs to be supplemented as we are
reviewing the whole issue at the department.

And, fourth, the contractor must agree to cooperate in any ensuing audit or
investigation. As with any new and innovative approach, the implementation of
the voluntary disclosure program has not been without its problems. I believe
participating contractors and the government have been able to mutually address
many of the major problems that have arisen to date and hopefully will continue
to do so in the future. I have to admit that I read with interest the outline
that was prepared for Bill Lytton's remarks next here this morning. As I
understand it, he is going to speak to you about the need for greater
coordination, particularly his thoughts on inconsistent government policies in
the areas of voluntary disclosure, qui tam suits, and hotlines, et
cetera.

I have to confess that I smiled broadly when I read, as one of his lessons
learned, that "There is no grand government strategy." I can tell
you, having worked for many years both in the executive branch and probably even
more pointedly in the legislative branch, in the Senate, that he is absolutely
right. There is none.

The diversity and the sheer size of this government, which I believe reflects
to a large degree the diversity and the size of this country, makes it, in my
view, extremely unlikely, if not impossible, that we will ever have any
comprehensive "grand strategy" of sorts in the U.S. Government.

That's not to say we haven't tried. Certainly parts of the government have
tried. For example, I can remember working very hard to try to get legislation
to come up with a grand strategy, so to speak, in the anti-drug area when the
drug problem was at its height. And we worked on that for years and got some
legislation, and I am not convinced we still have a grand strategy, but we have
tried it in areas, and no doubt we will continue to keep trying. But it is, in
my view, a very difficult goal, and it is a goal that is difficult because of
the nature of this government and the nature of this country. It is a diverse
government; it is a huge government that does many, many different things, and
trying to perfectly coordinate it all into one single strategy is an admirable
goal, but I'm not sure it's a realistic one.

The good or, at least I should say, the encouraging news is that at least in
the Department of Defense, which in and of itself I can tell you is a huge
organization and a diverse one, we have made real progress in getting closer
coordination, if not a grand strategy, among the players involved in potential
remedies, sanctions, or other responses to voluntary disclosure cases.
Moreover, we try to coordinate with the Justice Department and with other known
government players who may have an interest in these kinds of matters. The
trick, of course, is knowing who the players are early on and coordinating and
talking to them early on.

It is important to note that particularly where criminal activity is alleged,
our coordination, as good as it is with the Justice Department, does not and
cannot mean that we control their final decision on the matter, which is, of
course, made independently of our office. So there are limitations even on how
much we can coordinate, obviously, in certain areas.

In short, we have not solved all of the problems that Mr. Lytton is going to
point out to you and that I think we recognize exist in the area of inconsistent
policies and lack of coordination. But we certainly are aware of them, and we
are working on them, and we will continue to work on them.

In any event, we do believe that the voluntary disclosure program has been
successful and beneficial to both the government and the contractor community in
providing a mechanism for addressing problems identified in self-governance
programs. A few statistics demonstrate the extent to which the program has
accomplished its purpose.

As of the quarter ended June 30, 1995, there have been 344 disclosures made to
the Inspector General's Office, of which only 27 have been denied admission into
the program for any number of reasons. Of the remaining 317 disclosures, 131
have been completed and closed, ten are in preliminary processing, 17 in the
preliminary stages of acceptance, and 159 are actively being pursued for
resolution.

A total of 145 corporations, including, I might point out, 48 of the top 100
contractors, have made the 344 disclosures. The program has resulted in a
return to the government of approximately $297 million. There have been three
corporate and 54 individual convictions as a result of the program, and only two
contractors - two - have been suspended or debarred as a result of their
disclosures. And I might add that the convictions of the corporations and the
two that were suspended or debarred were cases where there were, in fact,
aggravating circumstances that, in the minds of those making those decisions,
justified those sanctions. But that clearly has not been the usual scenario
once the disclosure is made in good faith and there had been good-faith
cooperation.

Those results and the program's success have not gone unnoticed in other parts
of government. The Department of Justice has issued prosecutive guidelines
regarding voluntary disclosure in the area of environmental crime and a
corporate immunity program for voluntary disclosures in antitrust cases.
Recently, the Department of Health and Human Services, confronted by growing
public concern and congressional concern over the problem of health care fraud,
has announced the establishment of a pilot program for voluntary disclosure in
that area.

Finally, my office has been approached by several other executive branch
agencies who are considering developing similar programs in their particular
areas of concern. And my own view is that with the probable or very likely
ongoing reduction and downsizing of government resources over the next several
years, it is very likely that you will see an increased interest in many parts
of government in enacting and establishing voluntary disclosure programs,
because as the government's resources lessen in the areas of audits and
oversights and investigations, clearly programs like this that allow industry to
help the government take a short-cut on some of these investigations by coming
forward voluntarily. That is seen as a help to the government in the way of
resources. So I think you are going to see more of this, and we continue to
work with the other agencies, including HHS and those that are starting up, to
give them the benefit of what we have done in the area of defense.

In sum, at least in the area of government contracting - and I recognize that
your interest goes beyond just government contracting - voluntary disclosure
programs do help to ensure not only fair and balanced government oversight, but
also reliable contractor internal controls. Their goals should rightly be to
make government oversight more effective and more efficient, not necessarily to
eliminate, reduce, or downgrade such oversight. If these programs succeed, we
all, both industry and government, stand to benefit.

On a broader scale, the success of our voluntary disclosure program
demonstrates that the concept which you are looking at this morning, the concept
of good corporate citizenship, is in my view, alive and well and hopefully
growing in corporate America. It shows that good can come from government and
industry working together to ensure accountability and ethical conduct in
business as well as in government.

I see my time has just about elapsed, so I want to thank you again for the
opportunity to be with you, at least for a few minutes here this morning, and
just close with the thought that I hope that our experience in the Department of
Defense - and we do have some in this area - can at least be of some help to you
in working to develop many, many more "good citizen corporations"
across the country in all of your areas. Thank you very much.

THE CASE FOR GREATER GOVERNMENTAL COORDINATION:

CIVIL SANCTIONS AND THIRD-PARTY ACTIONS

MR. SWENSON: Our next speaker, Bill Lytton, is one of those people who makes
you wish you wrote your Rolodex in pencil. He began his career as a prosecutor
and more recently, in 1989, he became the General Counsel of G.E. Aerospace and
served in that capacity until G.E. Aerospace merged with Martin Marietta.

At the new Martin Marietta, he served as Vice President and Associate General
Counsel until Martin Marietta's merger with Lockheed in March. In the new
Lockheed Martin Corporation, Bill is a Vice President and General Counsel of
Lockheed Martin Electronics.

Over the last few years I have heard Bill Lytton talk on a range of topics and
always very impressively. His theme for today is something I can recall
chatting with him about probably at a DII best practices forum a couple of years
ago, and I think you will find that, despite his naturally shy demeanor, he has
a lot to say. Bill Lytton.

MR. LYTTON: Thank you for the introduction, Win. I will remember that. I
should start off with a disclaimer that my comments today are personal, based
upon my personal experience. They do not necessarily represent the views of my
corporation, whatever the name of it is today.

We have done a couple of things as a result of all the mergers. Number one, I
don't order business cards in groups of more than five, and number two, those
are now coming out in slate and chalk so that we can keep up to date.

I have been asked to address a provocative subject and to be provocative in
doing it to give the perspective of the big corporation - not the big house, I
might add, for those of you who are old 1930 movie buffs.

I want to talk about the guidelines. I think they have been a catalyst for
organizations in many areas. They have forced a lot of us to re-examine the
commitment we have to lawful and ethical behavior, and they have also helped us
establish or modify policies and procedures that ensure compliance with legal
and ethical standards. And in that regard, I believe the guidelines have had a
salutary effect.

I also want to congratulate the Sentencing Commission for sponsoring this
public forum and for being open to comments and criticism. It is not a group
that has declared victory and gone home; rather, it is a group that has tried to
critically examine what they are doing and see what changes might be made. And
continuous improvement itself, I think, is somewhat unusual in the government.

Perspective is important. I saw a sign on a marquis a couple of weeks ago
that said, "We do not see things as they are. We see things as we are."
Obviously we filter what we see through our own eyes. And so what we see is
obviously influenced by where we sit, and the challenge we face is to try to see
it from the point of view of others. And this type of candid - hopefully candid
and hopefully understood to be that - discussion I think is only helpful.

As an optimist, I see the guidelines as a work in progress, one that will
improve. As a lawyer, I, of course, admire anyone who has the ability to speak
out of both sides of their mouth at once. But I stand in unabashed awe at the
ability of the United States Government to promulgate so many different
policies, practices, and procedures that are absolutely inconsistent, and to do
it all simultaneously.

Let me give you a little bit of an overview. I start with the premise that
the guidelines are government policy. They are a specific, integrated, and
articulated government policy that rewards a certain type of organizational
behavior and punishes other types. So seen in a vacuum, the choice of an
organization is clear. You modify your behavior to conform to the guidelines.

Organizations, however, act through human beings who need to be trained and
encouraged to conduct the affairs of the organization in a manner consistent
with that organization's commitment to conform to the guidelines. To the degree
that these human beings are given conflicting or confusing directions, the
ability of the organization to achieve its goal of conforming to those
guidelines will be jeopardized; and to the degree that the organization's
ability to conform to the guidelines is jeopardized, the goal of achieving
conformity to this government policy is likewise jeopardized.

The United States Government, through legislation and executive branch
actions, has institutionalized other policies which, at best, cause confusion
and, at worst, are inconsistent with the guidelines' policy. And this conflict
and confusion, I think, may be one of the single most important impediments to
the goal of achieving that underlying policy that we all, I think, support with
the guidelines.

So organizations sometimes find themselves in a Catch-22 situation where their
employees' actions necessarily put them and their organizations at risk because
of other government policies. In these cases, both the organization and the
government, it seems, suffer.

Now, if the government is serious in wanting to promote the public policy
underlying the guidelines, it needs to understand these conflicting policies and
to address them, and that's what I have been asked to help do today.

The guidelines talk about a number of things that are important,
characteristics that can be mitigating factors if and when a corporation finds
itself standing in front of a judge about to be sentenced after having been
found guilty of federal criminal conduct.

One of them is internal reporting. The existence "of a reporting system
whereby employees and other agents could report criminal conduct by others
within the organization without fear of retribution" is an important goal
of the organization. This plays into a second important mitigating criterion,
voluntary disclosure - part of what Eleanor just addressed - where the
organization discloses to the government something that went wrong in the
organization, and the company is encouraged to fully cooperate in the
investigation and to affirmatively accept responsibility for its criminal
conduct.

Most companies, I believe, certainly the large ones - and God knows I've been
with a lot of them the last two years - have embraced the guidelines, have
worked hard to encourage its employees to self-report, to have trust in their
companies, to provide for anonymous reporting, and otherwise to develop audit
and other processes that will discover relevant information. Hotlines and
ombudsmen are only the most visible and obvious of these efforts.

But there is some inherent resistance to this type of self-reporting process.
For instance, some company lawyers that I have known in the past may have
difficulty in confessing to a crime that may not have been discovered and,
indeed, may not even have been committed. A second impediment may be it is not
in human nature in America to be a "snitch," and we sometimes find a
lot of difficulty with our employees in encouraging them to tell us if they
observe a problem caused by a fellow worker. One only has to look at the most
recent case of Archer, Daniels, Midland and the reports that have been in the
Wall Street Journal about what has happened in that case and the
reaction to the executive who reportedly was acting as an undercover agent, an
informant for the government.

I note that a member of the Illinois Christ Lutheran Church said, "Why
didn't he just quit? That's what I would have done. I'm not about to be a spy."
And the co-owner of Nick's Auto Body said, "The fact that the Feds spy on
the community frightens me. They're about as underhanded as anybody. And this
guy's not an upright citizen, or he wouldn't be ratting on his boss." So
obviously the guidelines' policy has not yet affected the culture of some
religious and auto repair organizations.

To the degree that our employees do not report what they see or suspect, and
thus deprive the company of the opportunity to make a voluntary disclosure and
to cooperate, that may be seen under the guidelines as evidence of an
ineffective corporate program and perhaps an inadequate corporate commitment to
compliance and ethics. And I'm not sure that is necessarily the conclusion that
one should come to.

One of my favorite topics: qui tam. The same Congress that set up
the Sentencing Commission has also established the qui tam or
whistleblower statute, which provides that someone who files an action alleging
a fraud against the government may recover up to 30 percent of the ultimate
recovery, which itself can be up to three times the amount of the loss to the
government.

The qui tam laws are premised on a central and very powerful idea:
greed. And if it's not greed, then why do we need all that money to make people
do it?

Money is not normally required to make people do the honorable thing. The
theory is that if enough money is offered, employees will turn in their own
mothers or at least their own bosses. And added to this greed factor is this
wonderful, powerful interest of lawyers who see their opportunity of getting
one-third to one-half of the bounty hunter client's reward on top of their
counsel fees. I used to be in private practice, and I know how attractive that
is.

In the case of an ongoing fraud, the longer the qui tam relator waits
to file his qui tam case, the more money the government stands to lose,
and the more money he or she stands to gain. I think this highlights the fact
that the statute's concentration is on making money for the relator and the
lawyer and not on stopping fraud, waste, or abuse.

This lure of the big bucks is a powerful incentive for employees to seek out
their local plaintiff's lawyer rather than their ombudsman when they see a
problem in their corporation. These whistleblowers are then applauded, of
course, as courageous people who have put the interest of the country above
their own well-being. The media has a field day with it, and the client and the
lawyer begin to consult financial and tax experts and advisors. You might even
hear that their very lives were in danger. Spare me.

The motive behind these cases, I suggest, certainly a large number of them, is
exactly what Congress has or should have anticipated, and that is greed. And
there are other types of bounty hunter laws that are being adopted or proposed
or considered, including in the environmental area. So a corporate employee has
two choices when confronted with possible wrongdoing in his company: be a good
and honorable employee and report it internally, or take the money and run.

The fact that employees don't take the greed route all of the time is, I
think, a wonderful surprise, but when it happens to you and your company - and
those of you who deal with the government will find it happen - it is not very
pleasant.

When they file these types of cases, I think it is predictable; it is human
nature. But when we are able to go to an ombudsman and then follow a voluntary
disclosure route, that happens in spite of, not because of, the qui tam
policy of the United States Government.

This is more than a theoretical issue. Consider the following hypothetical.
A company auditor discovers that your company has overbilled the government by
$1 million. If he does what he is supposed to do and reports it internally and
allows the corporation to make a voluntary disclosure - I checked with Win on
this because he's the expert on this stuff - he says the fine could be as low as
$50,000. If the same auditor, however, instead of reporting it internally
decides to call up the plaintiff's qui tam bar and lets it go on and
then we don't get a chance to discover it because we thought that's what the
auditor was doing - indeed, the auditor may even lie to us, or maybe he just
resigns because he knows he's going to make a lot of money - then the
corporation can be fined up to $1 million.

So even though the facts of the crime are exactly the same, the decision made
by the auditor could affect the size of the fine by a factor of 20. Such an
arbitrary and capricious result cannot be the result of a conscious, coordinated
government policy.

I think that if we as a people in this government want to encourage the
voluntarily disclosure of problems to the government, why not require that a
prerequisite to filing a qui tam action by an employee is that he or she
first has to go to the appropriate person, whether it's the CEO or the
ombudsman, and tell them. And if the company doesn't do anything for 60 or 90
days, then you can file it.

Do you know what's going to happen if some employee comes to me and says, "I've
got a problem and if you don't do something I'm going to file a qui tam?"
I'm going to call up Bruce Drucker. And you're going to have more disclosure.
What would happen? The plaintiff's bar would lose a lot of money, and the
relators wouldn't get up to 30 percent of the money.

I think these are ideas that take greed out of the equation and that would
enhance the underlying policy of the guidelines for voluntary disclosure. And
such a policy and such a change would be perfectly consistent with the
guidelines.

There is also a second government practice or policy that can be inconsistent,
or at least cause confusion. Government agencies often encourage and sometimes
require that posters be prominently displayed with a hotline for calling the
government when an employee is aware of fraud. I think this is confusing.
Their quite reasonable rationale for having it is that in some cases employees
will not feel comfortable to report it internally. They may not have a system
that would work, or maybe they're dealing with a company that is just a bunch of
crooks. So I think there's a good reason for it. I don't deny that. And the
other reason they would do it is they're not aware of the whistleblower statues
and all the money they can make.

But when an employee does call the government hotline, once again a
corporation is deprived of the opportunity to make a voluntary disclosure. I
think what we have to do is at least realize that in such cases it is not
presumptive evidence, if you will, that we had an ineffective policy. I think
there needs to be some consideration that the government would give credit to a
corporation for what would have happened if they had made a voluntary disclosure
- if this guy had called the inside person rather than the outside person. And
I think sometimes this does happen in the DOD IG's office. I think they are
willing to do that. But as we expand throughout the government, I think you
need to watch out for that because our employees are being encouraged not to
call us. They are being encouraged to call lawyers or the government, and the
policy of the guidelines says that if they don't call you, that is not good - it
doesn't say something good about you.

The voluntary disclosure program that Eleanor talked about is, I think, one of
the real success stories in the United States Government. I think the DOD IG's
office and Bruce Drucker do a wonderful job, and a trust has built up over the
years between industry and government in this, and that is why it has been so
effective. But let me talk about the process of making the decision to make a
voluntary disclosure.

It is rarely a clear-cut, easy decision. The reasons for making it are
compelling from a corporate point of view. You significantly reduce, if not
eliminate, your chance of being criminally prosecuted. And if you are
prosecuted, at least under the guidelines your penalty will be less severe than
if you hadn't. But the circumstances in which the decision is often made are
difficult, stressful, and ambiguous.

When I was a federal prosecutor in Philadelphia, we had a bank robbery. It
was a wonderful case. The bank robber is in line. He robs the bank. A
beautiful 8-by-10 glossy photograph of the bank robber comes out of the
surveillance camera. The dye pack explodes, and standing behind him in line is
an FBI agent. This is all true.

The closing argument of the government prosecutor was: "Ladies and
gentlemen, are you familiar with the expression 'caught redhanded?' This guy
was caught redhanded. Thank you very much."

Now, that's a dead-bang case, and, by gosh, if that happens, you know what to
do. But the reality is in corporations, when you are dealing with fraud
instances or potential fraud instances, you rarely see it with that sort of
clarity. And while you're trying to get the clarity, you must recognize that
hesitation or delay may be fatal to your ability to get into the program and to
get the benefits thereof.

Clausewitz, I think it was, somebody like that, talked about the fog of war,
and that's what happens when you are sitting on the inside and somebody comes to
you with a potential problem. In a defective pricing case, you don't need a
primer on this, but it often turns on the intent of the individual. That is
your typical white-collar case. There is no question as to what the person did.
But did he or she intend to do something wrong? A conscientious, good-hearted
internal investigator who believed in the presumption of innocence might look at
that and conclude that the person did not intend to do something wrong.

That same investigator having gone to Bruce's school and having been trained
with a little booklet they have - I believe it says "Think Fraud" -
believes that the presumption of innocence is a nice thing for the books, but it
does not really apply. (I think once when I was with Bruce, I asked for a show
of hands from the agents. I said, "How many of you really believe in the
presumption of innocence?" Not one hand went up.) The investigator might
now conclude with the same facts that the guy intended to do something wrong.

So while you are sitting there trying to make these decisions, very difficult
decisions, you recognize that the clock is running. If you make the decision
too late, you may be out. If you make it too early, you may disclose actions
that you later determine upon further investigation are not fraud. And while I
think I can convince Bruce on that, when I end up at the DOJ, I have another
problem because the Department of Justice Civil Division believes that a filing
of a Voluntary Disclosure is the moral, if not the evidentiary, equivalent of a
confession of fraud. And if you later go to them and say, "Well, it was
all a mistake, we looked into it further and it is not fraud," that might
be construed as lack of cooperation, backing off, failure to accept
responsibility, et cetera, et cetera.

So I don't know how much of a counter-balance the risk of significant civil
penalties - because the DOJ comes in talking trebles and maybe you can get them
down to doubles of whatever the loss to the government is - may or may not be to
make voluntary disclosures. I don't think it is for the larger companies, but I
think that with smaller companies it may well be, and you should keep that in
mind.

I understand there is going to be somebody later talking about the self-audit
privilege and I think this is another example. One of the things that results
from the guidelines is the effort to find out if you've got a problem. So we
conduct internal audits and investigations, and we like to keep those things
kind of secret - for a number of reasons, many of which are legitimate.

Just like you have the FBI not wanting raw FBI 302s to be out there, we don't
want our investigative files to be out there. Why? Because there's another
group of lawyers called the plaintiff's security firms. I used to be in one of
those, and what they do is every morning they look in the Wall Street
Journal, and companies whose stock went up or down find themselves in
trouble. They file a class action suit. There's a number you call in
Wilmington, and if you're the first one, you're the lead counsel and you get
most of the money.

It's very well organized - talk about sentencing guidelines for organizations.
There's one you ought to look into.

We would rather not show all of this stuff to the plaintiffs who are going to
try and blackmail us to settle the case. I don't mind sharing it with the
government so much. They're not my biggest concern. But when we assert a
privilege, I think there is a knee-jerk reaction of the government to say: a
privilege - lack of cooperation. I think the government should think more
carefully about when it's going to challenge an assertion of the self-audit
privilege, because the more you challenge it and the more there is no privilege,
the less internal investigation there is going to be; the less internal
investigation, the less things we find out.

Let me talk for a second about suspension and debarment. The government very
rightly doesn't want to have companies working for them that are crooks. Let me
give you an example, though, of what government are we talking about.

We had a case where one of our employees pled guilty when I was with G.E. He
was actually an old RCA employee. He got sentenced, to I think, a year. The
government prosecutor and the defense lawyer said, "That's too much. We
really would like for this guy to get work release. He's not a bad guy. He's
cooperating."

They came to us and said, "Will you put him in some sort of commercial
job just so he doesn't work for the government anymore so we can go in on a
joint Rule 35 motion for reduction of sentence to have him put on work release?"
I did it. They went in. He got reduced.

Flash forward, I'm now in front of the government suspension and debarment
authority a couple of months later, and they said, "Why is this guy still
working for your company?" I said, "The government asked us to keep
him employed." He said, "What government was that?"

I said, "It was the Department of Justice." They said, "That's
not our government." And then he gave me an example. He said, "You
know, we had a paraplegic we caught stealing two aspirin. We fired him."
I said, "That's not my company."

The government is not a homogenous single organism. It is a hodgepodge of
people who rarely share the same ideas or agendas. What are the lessons we can
learn? First of all, you are listening to people who have been involved in the
defense contracting community. So why is that relevant? Well, a couple of
reasons. Number one, our past is your future. The government is coming after
everybody. We just happened to go first. Environment, health insurance,
safety, everything is coming under the gun. The cross hairs of the government
are very tightly focused. They are coming.

The guidelines are in large part consistent with, and I in think some parts,
even modeled after the DII guidelines. So we have lived under them for ten
years, and, therefore, we might have some insights that help you.

What have we learned? Simple, yet profound. We've got dozens of departments
and commissions, hundreds of agencies, hundreds of thousands of people. They're
not singing from the same hymn book. They don't even know there are others in
the choir. And when they do, they don't really care. So what you get isn't the
complex harmony of a Mozart, but the cacophony of a construction site in
downtown Chicago or New York City.

And as Eleanor stole my punch line, the reality is that there is no grand
government strategy. The fiction we indulge in is that we have to act as if
there were such a strategy. And therein lies the risk for companies and the
challenge for government. Government could not only make the private sector's
life a little easier if it tried to reconcile these discordant policies, but
would probably be a lot more successful in helping us all achieve some
fundamental and worthwhile goals that are embodied in the sentencing guidelines.
If only we could all agree what those goals are. Thank you very much for your
attention.

OTHER COORDINATION ISSUES AND PROPOSALS

MR. SWENSON: Our next speaker is David Yellen. David is an associate
professor of law at Hofstra University and, accordingly, represents a somewhat
different perspective than our prior two speakers. But I think it would be
wrong to assume that his is the perspective of an ivory tower because David has
been a very active participant in policy issues, both in his prior life as an
assistant counsel to the House Judiciary Committee and more recently, while at
Hofstra, through a number of policy-oriented writings, including a very
interesting law review piece on the coordination issues that he is going to talk
about. David also served as an advisor to the Clinton transition team on some
of these same issues. David Yellen.

MR. YELLEN: Thanks, Win. Several years ago, I was the reporter to a special
ABA committee that was set up to study the collateral consequences of
organizational convictions, and we came to some conclusions that are not very
surprising to anyone in this room, and certainly not after hearing Eleanor and
particularly Bill. We found that there is a panoply of overlapping, sometimes
inconsistent, unpredictably enforced civil and criminal sanctions that are
available when an organization, a corporation, has committed some kind of
misconduct. There really isn't a great deal of coordination between the
different parts of the government. Despite what Bill said, I still think of it
as one government, but there isn't a lot of coordination. And the sources of
that lack of coordination are pretty straightforward as well.

First of all, you have Congress, which is not well-coordinated just on its
own. Congress has become increasingly in love with criminal penalties in the
last 10, 20 years. I guess de Tocqueville wrote many years ago that, in
America, all issues of public concern wind up being matters for law and courts.
Nowadays you can modify that to say that virtually all issues of public
importance wind up being matters of criminal law. And Congress has gone way too
far in criminalizing conduct that probably could be better handled civilly.
When something is a crime already, Congress loves to just pile on additional
penalties. And when that isn't enough, Congress loves to pile on mandatory
sentencing laws.

I don't want to give them any ideas, but in some ways it's surprising that
there hasn't been an effort to come up with some kind of mandatory minimum
sentencing laws for white-collar and organizational crime as well as drug crime,
where it principally resides. And then you add to that - so that's the Congress
side. And then, of course, the agencies, we've heard a lot about the way, just
how difficult it is for an enormous agency like the Department of Defense to
coordinate its own efforts to enforce the various laws, let alone to expect any
reasonable amount of cooperation and coordination across agencies.

One thing that did concern me about what Eleanor Hill said was in terms of an
earlier effort where all the different parts of the Department of Defense that
had responsibility for criminal and civil - all the different sorts of
enforcement - when they did start talking a lot more, if I heard her right, she
said that the great result was that every single type of enforcement action went
up and there was more recovery of every kind. To me, that's not necessarily the
goal of an effective coordination policy. It may be that you want less of one
kind, more of another, more focus, more principles underlying what exactly the
government is going to do.

So our conclusion was that there were problems with the lack of coordination
from Congress and from the agencies and that more coordination was necessary.
In particular, we focused on punitive sanctions. Obviously, criminal sanctions
are punitive, and a great many sanctions that are denominated as civil are,
nonetheless, punitive. And after the Halper decision from the Supreme
Court a few years ago, it is necessary for courts to think about whether
sanctions labeled as civil are, in fact, punitive to avoid double jeopardy
problems.

In addition, we thought that theories of punishment that I will talk about a
little bit also called for greater coordination in the sanctioning of
corporations, and we called upon the government in general to start thinking
more carefully about those issues. I don't think a lot has really come of that
in the intervening years. As Win mentioned, I did a little bit of work advising
the Clinton transition team on white-collar crime enforcement policies, and I
talked a lot to them about this kind of coordination issue, these issues, and I
haven't seen a lot of evidence of any real change in that area.

Also, I think the Sentencing Commission, which ought to play a central role,
being a smaller, more well organized entity than something as sprawling as, say,
the Department of Defense, the Sentencing Commission can play a crucial role in
encouraging greater coordination of sanctions. And I think this is one area,
although they have done a tremendously admirable job in many respects with the
organizational guidelines, I think they missed an opportunity here. In one of
the earlier drafts before the final guidelines that were promulgated, there was
a provision that authorized judges to consider when imposing a criminal fine on
an organization whether there had been or were likely to be punitive civil fines
imposed; and if so, to have some kind of offset. And without any real
explanation, that provision was dropped from the final guidelines that went into
effort. So I think there is more the Commission can do as well.

I am not going to try and solve these problems, the broad, massive problems of
coordination of all the government's enforcement efforts today. I really want
to talk about compliance programs and address the question of whether our
treatment of compliance programs can have a positive effect in encouraging the
government in all its forms to engage in more coordinated sanctioning activity.

Before getting to that precisely, let me start with some fundamental questions
about compliance programs that have been addressed only slightly in this
conference. We all assume that it is good and proper for the Sentencing
Commission in the organizational guidelines to give a very serious reward to
companies that have had an effective program in place. Why is that? Why is it
that we think it is right to do that - because what we are really doing is
rewarding failed efforts at compliance. That may be a little bit unfair to say.
If a compliance program reduces dramatically the amount of crime committed by
its employees overall it's not a failure. But we are not talking about
rewarding corporations for the crimes that weren't committed. Rather, we are
talking about rewarding them when a crime has been committed and reported and
investigated and prosecuted.

So why should we do that? You might say that individuals don't get an
opportunity to stand up there and say to a judge, look, Judge, I really tried
hard to not break the law, I wrote myself notes every day, I talked to my
spouse, and I just couldn't stop myself.

Individuals don't get to do that, so why do organizations get to do that? And
we could also say a little more seriously, why shouldn't effective compliance
programs be their own reward? In other words, if companies can come up with
truly effective compliance programs, truly effective means they're going to
significantly reduce the misconduct by their employees. Why shouldn't we let
the marketplace work and say, you know, let that be your own benefit, that you
have less exposure to government enforcement actions, as well as the
psychological benefit of feeling like you are doing the right thing.

Well, I think that at least as far as criminal liability for organizations
goes, that is not the right answer. I think that is the wrong approach, for a
couple of reasons. And to answer that, we have to first consider the two main
rationales for criminalizing corporate misconduct. I do not want to sound too
much like the ivory tower law school professor that Win, thankfully, said I am
not, but a little background on the elementary purposes of criminal punishment
is appropriate here. The main ones that are applicable to organizations are
deterrence and retribution. Deterrence obviously plays a major role in
punishing corporate misconduct. We punish companies so they won't do it again
and so other companies will learn the lessons and they won't do the same kind of
things.

Retribution ought to, in theory at least, have a much lesser role in
sanctioning organizational misconduct. A company is not a person. As Professor
Coffee from Columbia wrote a long time ago, citing an old case, it doesn't have
a body to be kicked or a soul to be damned, so why do we think about punishing
organizations for punishment's sake?

But I think clearly in modern times, with the attention that has been paid to
corporate misconduct, people think about a need to punish companies that have
done wrong, whether it is Exxon with the oil spill or lots of other situations
as well. So these twin aims of the criminal law are really in force in how we
deal with corporate misconduct.

So let's consider briefly the relationship between these goals and compliance
programs. First, deterrence and compliance programs. As I mentioned, we might
want to say, we could think about saying that good programs will be their own
reward, and why should we give any additional benefit to companies that have put
in place a program but the program hasn't worked on this occasion? That
argument would have one benefit, I think, which would be to make companies focus
exclusively on programs that really work and not at all on a real problem, which
is programs that look good whether or not they really are going to have the kind
of effect that we hope they do.

On the criminal side, though, this is inadequate. That deterrence argument
that economists might make I think would not work, and that is because of a
couple of things. First of all, how infrequent corporate prosecutions are. We
have heard a lot of talk about - you saw a chart earlier today before the
guidelines and under the guidelines. There are just a couple of hundred
convictions a year in federal court of organizations. So if you were a rational
corporate executive trying to decide simply in terms of your criminal liability,
despite what the sentencing guidelines offer you for having an effective
compliance program, you might, especially if you are a large corporation who has
a very small chance of being prosecuted criminally, you might decide it is just
not worth the effort and the money. It is very unlikely we are going to ever be
prosecuted for a crime, and it is just cheaper in the long run not to bother
with a compliance program under those circumstances.

Well, we as a society really want to encourage the kinds of efforts at
compliance that we have heard a lot about here in the last two days. So I think
it is entirely appropriate that, even despite what cost/benefit analysis might
say, we come up with a way to strongly encourage companies to make serious
efforts at compliance with the law.

We could do that in two ways. One way would be to increase the frequency of
criminal prosecution or to increase the severity of the sanctions that are
imposed when companies are prosecuted and convicted. The other way to do it
would be to reward good efforts at compliance. From a deterrence standpoint, it
really doesn't matter which way you go. Either way could conceivably have the
same kind of effect. And that's where retribution comes in. You know, to put
it in terms of the title of this conference, why should we choose carrots over
sticks? And I think the answer is because we and government law enforcers
believe that companies that have made a strong good-faith effort at complying
with the law are less culpable than companies that haven't done that, and they
ought to, in a sense of justice and fairness, receive a reward for their
compliance programs.

Now, that is somewhat at odds with the respondeat superior principle
which says that a corporation can be criminally liable for the acts of any of
their employees within the scope of their employment. So we're saying you can
be prosecuted for anything any of your employees do, but we are not going to do
it when you have taken steps to comply with the law. The respondeat
superior principle is very troublesome to those of us who believe that the
criminal law ought to be used when necessary but no more than necessary. And,
in fact, I think the Sentencing Commission has stumbled across - I am not sure
this was completely what they had in mind - but they have come to a really good
middle ground between the respondeat superior principle that prevails in
federal court and the position urged by the Model Penal Code, on the other hand,
which is that companies can only be criminally liable when there is high
managerial involvement.

In fact, I think it could be argued that the Sentencing Commission should have
gone further. If they really believe in their principles, as I am sure they do,
they could have gone further and said, for example, that a company that has a
truly effective compliance program, maybe they should receive no fine
whatsoever, no criminal fine at least. And, similarly, the courts - there was a
Rutgers Law Review article written recently by two New Jersey lawyers - I am
sorry I cannot remember their names at the moment. It was a very good article,
and they argued that there ought to be a criminal defense based on an effective
compliance program. And I personally am very sympathetic to that. So I think
the role of compliance programs in criminal prosecutions should, in fact, be
even greater than it is today.

The more difficult question is: what should the role of compliance programs
be in affecting punitive civil sanctions? It is always hard to define what
component of a civil sanction is, in fact, punitive, but we have an obligation
to try and do that already under Halper. My own view is that an
effective compliance program should not result in no punitive civil sanctions
being imposed. I think both the deterrence arguments and the retributive
arguments are different when you are talking about non-criminal prosecutions.
But I think they ought to have a serious effect on reducing the company's
exposure.

What we would wind up with, then, is great benefit criminally if you have an
effective compliance program, a good but lesser benefit in terms of punitive
civil sanctions, and probably no real benefit in terms of purely remedial civil
sanctions.

One of the benefits of this approach, I believe, would be to steer government
regulators further towards punitive civil sanctions as opposed to criminal
prosecution because they would not be faced with the likelihood of getting no
fine for a company that had a truly effective compliance program. And I think
that would be a good result for the reasons that I stated about the
over-extension of the criminal law.

Now, how should this come about? I think, again, there ought to be a role for
Congress to play in this in not simply passing a hodgepodge of laws, whatever
seems to be a concern at the moment, and pile on some sanctions; rather,
Congress ought to do a better job of thinking about what their goals are in
having various kinds of sanctions. I am not too optimistic about that, having
worked in Congress, even less so today than when I worked there eight or nine
years ago. The agencies themselves have an obligation to do their best, and
some agencies are really working hard at this, at least internally within their
own structure. But, again, as we heard from Eleanor Hill, with a vast
government bureaucracy across many agencies, that is very hard to do. But there
needs to be more effort.

Again, the Sentencing Commission should really take the lead, as they are
trying to do with this kind of conference, to define what is an effective
compliance program, to talk about what ought to be the effect not just in
criminal cases but on the civil side as well of a truly effective compliance
program.

My hope is that if that effort comes out of this conference and the other
things the Sentencing Commission is doing, we might begin to see the way out of
the lack of coordination mess that you have heard about from this panel. If we
can come up with a better way to coordinate the effect on various sanctions of
an effective compliance program, that will have the effect not only of
encouraging better efforts, more productive efforts at companies complying with
the law, but maybe the government regulators and Congress and the Sentencing
Commission can learn more about ways to come up with broader standards of
coordination on all of the issues that we have been talking about today. Thank
you.

QUESTIONS & ANSWERS

MR. SWENSON: Thanks to our whole panel. I must say I think those were very
provocative and helpful comments. We do have a number of questions from the
audience. Let me ask one to Bruce Drucker first.

The question is: could you respond to Bill Lytton's suggestion about
requiring whistleblowers to go to the company's ombudsman - let's just say not
necessarily the ombudsman, but to the company - before filing a qui tam
suit? And we had a second question which maybe Bill can keep in mind, and,
Bruce, you might want to respond to it as well, which asked about a company
policy and whether this might be enforceable, that would require employees to go
to a company hotline 60 to 90 days prior to going to the government to file a
qui tam action. Did I get the waters too muddy?

MR. DRUCKER: No, that's all right. I think I'm there. With respect to Bill's
comments about a requirement for a corporate employee to notify the company,
actually there have been similar proposals put forward with respect to whether
government employees could be qui tam relators or not because there was
a similar problem within the government. I believe in both instances that the
opportunity to advise, in the case of a government employee, the appropriate
officials in the government and, with respect to corporate America, advising the
corporation of the problem would be, in fact, an appropriate means. I think it
is entirely consistent with the intent of the qui tam statute. It would
provide no bar to the employee or additional counsel ultimately making the
government aware of the issue. This gives both the government and the company
the opportunity to approach it in a voluntary disclosure mode, a less
adversarial mode, if you will. And I think both interests are served.

The qui tam statute was created at a time when there was not
sufficient government investigative and prosecutive resources to find all these
things, so its concept was to get the public to participate on behalf of the
government. Well, now we do have far more resources, and there is a
relationship, a framework within which we can operate. So I think it would be a
positive step.

MR. SWENSON: Bill, do you have anything you want to add to that? It sounds
like you have worked out a deal.

MR. LYTTON: I am glad that Bruce has finally seen the light. No, I don't
have anything to add. I don't see why we don't do it.

MR. SWENSON: Why don't we do it?

MR. LYTTON: Well - you want me to get political here - because there's a very
powerful senator who thinks it is a great idea. There is a very powerful group
of lawyers who bring these types of actions who make a fortune off of it, who
have done a very effective job of lobbying, and because the media loves
whistleblowers. And any effort that is perceived to be something that would
reduce the ability of whistleblowers to blow the whistle - which I don't think
this would be - gets jumped on.

So we are swimming upstream because whistleblowers get a lot of attention.
And when you really get down to the nitty-gritty and try and deal with reality,
a lot of people just don't want to hear it.

MR. SWENSON: I think bringing the political dimension into this is pretty
useful. David, you spent some time as a congressional staffer and have seen
this up close. Do you have some perspectives on this narrow issue but also more
generally?

MR. YELLEN: Well, actually, I want to ask Bill a question. I haven't talked
to a lot of people who have filed qui tam actions, but I assume it is a
pretty hard step for an employee to take. I mean, you are hoping that you are
going to make enough money to buy a house in the islands and retire, but you are
taking some real risks in doing that in terms of your employment with your
company.

What if it turns out that your claim is wrong and you get nothing? What is
your future like at that company? So I think it is probably a pretty hard
choice.

I wonder, have any companies - or is there any legal reason they can't do this
- have any companies tried to offer financial incentives to employees to report
things internally rather than going the lawsuit route? Assuming that Congress
is not going to do what you want, why don't companies take some steps to try and
encourage it?

MR. LYTTON: Two things. When I was with G.E. Aerospace, I proposed that we
have a compliance award that we give out to people who had done exemplary
things, not that they had necessarily turned in people, because there is a
political problem internally if you are going to offer a bounty if you turn in
your buddy. But I was trying to make it as pure as possible. I said, "Let's
give awards to people who are exemplary, who come up with new processes, or who
reduce the emissions or something like that." I talked about this at
several of our plants. I did this in Camden, New Jersey. And the leader of the
union there was outraged that I would suggest that we reward people for doing
what they should be doing anyway. So that was a very interesting reaction that
we had.

On the other hand, we did institute a type of program like that, and I will
tell you an example. We gave a plaque to an employee down in Daytona, Florida,
for having done something positive, and I sat with her at the lunch table when
the award was given out. She was very proud. And I said I would visit her when
I was next down at Daytona, which I did. And I went to her work spot, and her
plaque wasn't there. And I said, "Where's your plaque?" She said, "I
took it to my church." And the impact that that had had on her and how
proud she was really something.

So I think you can do things to encourage employees to do the right thing, but
remember - and to your point about whether a compliance program is successful or
a failure. We are asking companies and organizations to do that which the
family, the churches, and the society have failed to do. We want to have a zero
defects society in our organizations, and we don't have it. And the fact that
we have one or two or 15 or 50 employees who violate the law is not remarkable.
Indeed, I did some studies once that showed that if you were a Department of
Defense civilian employee, you were up to 20 times more likely to violate the
fraud statutes than if you were a General Electric employee, based upon people
who had been tried and convicted. It does not say that DOD is a bad group. It
does not say that G.E. is a bad group. But I think we need to view this all in
a larger perspective.

MR. SWENSON: I think it is the case that there is a lot of interest in
whistleblower incentives on the Hill. I guess there is one particular senator
who has been a prime sponsor of the qui tam actions, but there also have
been bills introduced more recently to expand the bounty concept. We have a
couple of questions about qui tam and those kinds of laws.

If I can sort of merge them together, one of them really just says that these
statutes have done very nicely in terms of recovering dollars that would
otherwise not have been recovered.

And a second question asks your thoughts on real, actual, not hypothetical
cases in which an employee or agent of a company charged with undertaking
compliance didn't first go to the company. I guess the suggestion of the
question is there have been a number of cases where somebody did go to the
company first, didn't get a response, and that that's the more typical example.
Is your understanding different?

MR. LYTTON: The first question you asked was, you know, these have produced
results that would not have otherwise occurred. Yes, I think that is right,
maybe, but we don't know. But my proposal, I think, would produce as much or
more.

It is really not my proposal, by the way. I didn't think of this. As Bruce
mentioned, there have been many suggestions on this. I have plagiarized this,
as I do most good ideas that I have.

If you want real-life examples of where people have filed qui tam
where they did not go to the company first, the famous G.E. aircraft engines
case involving Israel and General Remi Dotan I think is a perfect example of
where an individual by the name, I believe, of Chester Walsh observed the fraud
against G.E. and the United States Government and against the Government of
Israel, did not go to his company because he said he was afraid of being killed
- Jack Welsh is a well-known gunslinger - and instead went to a plaintiff's qui
tam lawyer, and they watched the case grow, I think from a $12 million to
$40 million fraud during the couple of years that they sat on it, and they only
filed a qui tam when Remi Dotan was arrested in Israel, and they
immediately filed the lawsuit. So that's one example. I think there are any
number of examples.

Now, where an employee comes to us - and this has happened to me - you get a
letter that says Joe Blow's a crook, and he's ripping off the government, and
you better do something about it or else I will.

Well, I've got to figure out who is Joe Blow, where does he work. Now, in
this company, I have 170,000 employees. When I was with G.E., I had 240,000 or
something like that. Who is this guy? Does he have anything to do with the
government? And now I've got to investigate it. When I was a federal
prosecutor, you know, the FBI has the luxury of investigating these things for
three, four, five years sometimes. I've got a couple of days, and if I don't do
something immediately, I may be in jeopardy.

So what I typically do is I call Bruce Drucker, and I say, "Bruce, I
don't know what I've got here, but I'm letting you know that I've got this, and
if it turns out to be something, I'll be back to you." And as I say, DOD
IG works great. Whether that's going to work with other agencies like that, I
don't know. But I think there are certainly examples - and I think the Dotan
case is perhaps the best example that I know of - where a
qui tam relator went to his lawyer rather than to his company. The
damage escalated geometrically, and he made a lot of money. So did the lawyer,
by the way.

MR. SWENSON: Bill, you made the point in your direct remarks that when
companies voluntarily disclose to the Defense Department, part of the final
resolution of the case - assuming that they don't fall into that statistical
anomaly of actually getting criminally prosecuted or suspended, very few cases
there - but they still may end up paying substantial double or treble damages
under the False Claims Act.

Bruce, do you think there should be more accommodation for sorting out the
good citizen corporations among the voluntary disclosures - for example,
companies that have committed to strong compliance efforts versus those that
haven't?

This is not directly your bailiwick, but what do you think the policy ideas
are behind having double to treble damages for companies that, let's say,
voluntarily disclose and also meet additional mitigating criteria - fully
cooperate under the program, maybe to the nth degree?

MR. DRUCKER: Well, I think that a part of the theory that is used, the policy
approach that is used in dealing with resolution of voluntary disclosure cases
is that the statute itself provides that in the case of a truly voluntary
disclosure, which is one where a company finds wrongdoing and within a period of
30 days investigates it, identifies it, and fully cooperates with the government
in resolving the issues in the case, that the statute itself calls for a double
damage application in lieu of a triple damage application that would be provided
for in a non-voluntary situation, an adversarial situation, if you will.

So I think part of the thinking that goes into the application of the double
damage, even in a voluntary disclosure, is that the case is being settled under
a statute that itself provides a reduction - a sufficient statutory reduction.
Whether or not that is, in fact, a true incentive to disclose, i.e.,
that it is double versus treble damages in a situation where a company is fully
cooperative, as you put it, to the nth degree, there have been cases that I am
aware of in disclosures where we have ended up with resolutions of settlements
for singles. I am not saying that that is the norm, but it has occurred where
the Department of Justice is willing to negotiate for what the single damage
amount plus interest was as a resolution of the matter financially.

There is a judgment factor involved there I think that needs to stay, and that
is the extent of cooperation, the extent of participation, varying levels of
responsibility within the company.

Bill alluded earlier to and I believe one of the other speakers mentioned the
concept of respondeat superior. Well, it depends on whether it is Joe
Smith that Bill alluded to earlier that is a line supervisor at the production
plant at Fort Swampy or it's Bill sitting at corporate headquarters that knew
about and participated in the scheme. And that is where I think we have got to
give greater credence to how do we temper what action we take with respect to
the corporate liability, i.e., how much was the corporation involved;
and if it does cooperate, does it have a strong compliance program, did
voluntarily disclose and it is at very low levels, I think we have to take that
into account in determining double or single damage.

MR. SWENSON: But your policy at this point - there is no concrete written
policy that can be pointed to?

MR. DRUCKER: No, there is not.

MR. SWENSON: Do you think that the Defense Department should move in that
direction?

MR. DRUCKER: The problem that we have is that in resolutions of these cases,
particularly with the damage aspects of it, the Department of Justice is, both
by its mission and by the agreement that we have with Justice as to how the
program is administered, responsible for those determinations. We have open
discussions with DOJ at very high levels of both the Department of Defense and
Justice in how we are and have been administering this program. So I think that
is one of the issues that is going to be looked at, is the approach to the
monetary resolutions of the case. We may well come out with a final policy.

MR. LYTTON: Could I just comment on that? I think that the DOD's mission is
different than DOJ's. DOD's mission is to stop the fraud, clean up the
companies - a laudable mission. DOJ's policy is to get money. Prosecutors
suffer from a prosecution complex. As one former prosecutor said, "It's an
unnatural act not to prosecute somebody." He's now a defense lawyer and,
of course, has seen the light, has had a lobotomy, as we all have. But I think
in terms of settling civil cases, in my experience dealing with the Department
of Justice, less attention is paid by them, in terms of the amount of the fine,
to what type of compliance program you have than what you would normally have in
any civil settlement; they pay more attention to the strength of the case. And
if you can convince them they don't have a strong case, you're much more likely
to get those damages down than if you go in and say we're really good guys. So
I think that where you get the lower damages as an agreement in a settlement, it
may be more as a result of the weakness of the government's case rather than the
strength of the company's compliance program.

MR. SWENSON: We have a number of more questions, but we really have run out
of time. So I would like to thank the panel and say that I think some of the
issues that have just been raised are a nice segue into our next panel, where we
will have representatives of the Justice Department talking about what their
current policies are. Our thanks to the panel.

QUESTIONS & ANSWERS - WRITTEN

Bill Lytton

Q. Could an early disclosure to the government, if it erroneously reports an
alleged crime by an employee, lead to a later civil action by that employee?
How do employee rights figure into decisions to disclose about employee actions?

A. Almost any employee can sue his or her employee for anything. It is
possible that an employee who was the subject of a disclosure that turns out to
be incorrect could sue the employer. However, the employer should be able to
argue that it acted in good faith, with a belief as to the truth of the matter
asserted, and there may be an argument that that type of communication has a
limited privilege which would shield it from being the basis for a law suit.

I am not aware of any such lawsuit having been filed, so I can only speculate
on what the result would be.

Q. In your experience, how does the government see "full cooperation"?
Does it mean full agreement with the government's position (e.g., your
cartoon)? What does full cooperation get you and what does it not affect?

A. "Full cooperation" is in the eye of the government. It is a very
subjective standard. The assertion of a privilege, the existence of a joint
defense agreement to which the corporation is a party, a disagreement about the
ultimate resolution - civil or criminal - can all be viewed by the government as
a lack of cooperation. And, some prosecutors or enforcement personnel would be
willing to use this as a threat - explicit or implicit - to obtain a result that
they otherwise might not be able to obtain. The thing to remember is that this
is not a level playing field that one might encounter in normal civil
litigation. As a rule of thumb, it is not a bad idea to assume that some
government personnel will construe lack of full agreement with the government's
position as a lack of cooperation.

"Full cooperation" can obviously be important if your company is
being sentenced under the guidelines. In the more normal circumstance, it will
make your life a lot easier, since the government may be less inclined to take a
full pound of flesh, and will probably be more willing to concede that the
company is "presently responsible," and thus can continue to do
business with the government.

Q. As a former Assistant U.S. Attorney and a current Defense Department (DOD)
employee, I would be interested in the study you referenced as showing DOD
employees 20 times more likely to violate criminal statutes than GE employees.
Where may we find your study?

A. There is no formal study. The statistics were pulled together for me about
five years ago by a paralegal. The statistics themselves are not important.
The point is that the fact that a member of an organization, whether large or
small, government or private industry, violates the law does not necessarily
lead to the inescapable conclusion that the organization is evil.
Unfortunately, this is the conclusion that some in the media and in the
government jump to when they learn that an employee of a corporation has
committed a crime.

Q. Why is the qui tam statute inconsistent with the sentencing
guidelines and their promotion of compliance -- if an employee discovers grounds
for a qui tam, compliance has failed, right? A meritorious qui tam
action is a sign that a company needs to work harder to incorporate compliance
into its culture. Comment?

A. The guidelines are inconsistent with the qui tam statute because
while the guidelines encourage and reward a company for having an internal
reporting system that results in the making of a voluntary disclosure , the
qui tam statute offers an employee a huge financial incentive to avoid
the internal reporting mechanism that a company has established. The government
should not actively seek to undermine a corporation's efforts to comply with the
guidelines.

The fact that an employee may think he or she has knowledge of a crime does
not mean that a company's compliance program has failed. No institution in our
society - the government, the churches, or the family - has been able to produce
a perfect society. Zero defects is the goal of every organization. The fact
that it is not achieved does not mean that the program failed. It may simply be
a reflection of basic human nature. If a vaccine can reduce the incidence of a
deadly disease from 30 percent to five percent, does that mean that the vaccine
is a failure?

Q. Qui tam with its bounty inducement has yielded many times more
dollar resources to the public fisc than has the industry-controlled company
self-governance programs voluntarily disclosed through the Defense Department's
Voluntary Disclosure Program. If bounties work, then what is your problem with
qui tam's obvious success?

A. Qui tam actions have resulted in many millions of dollars being
recovered by the government. It has also made some private bounty hunter
lawyers multi-millionaires, and it has been a windfall for the bounty hunter
employees. Every dollar these bounty hunters get is one dollar less for the
taxpayers.

We need to reexamine what our underlying policy goal is here. Are we trying
to encourage vigorous compliance programs and effective self-policing by
corporations who tell the government when the government has been cheated and
pay the money back? Or are we interested in perpetuating a system where greed
and bounty hunting lawyering are more prized? The present system encourages a
game whereby rich lawyers become richer. That seems to me to be awfully hard to
defend.

If we were to adopt a procedure such as I proposed whereby a qui tam
action could not be filed until 60 or 90 days after an employee has brought the
alleged crime or fraud to the attention of the company, the obvious result would
be more voluntary disclosures. A company would have to be nuts or awfully
confident of its legal position not to notify the government in such a
circumstance. The result would be more disclosures, more money to the U.S.
Treasury, and more bounty hunter lawyers looking for some other line of work.
Sounds like a win-win-win solution to me.

COMMISSIONER BUDD: Ladies and gentlemen, over the last day-and-a-half, we
have been talking about the organizational corporate guidelines, the developing
of effective compliance programs and standards, and the experience that various
corporations have had. We have talked about carrots and sticks. We have
speculated as to what the government wants, what the government is looking for.
And now I suppose we will hear firsthand of the experience and the views from
the perspective of the Department of Justice, which, as you know, is the
principal and I suppose the ultimate law enforcement authority in the United
States.

So what are the approaches? What are the policies of the Department of
Justice regarding these guidelines? How does the government view or treat the
good citizen actions, for example, voluntary disclosure, cooperation, and a
strong compliance program? How does this come to play in charging decisions?
When does the department decide to pursue a case perhaps civilly rather than to
go criminally? And whether or not the various divisions within the Department
of Justice approach these things in the same manner, or do they treat them
differently? Does the Department of Justice speak with one voice?

I am going to start our discussion this morning with Bob Litt, Deputy
Assistant Attorney General in the Criminal Division of the Department of
Justice. He graduated from Harvard College, and he topped that only by
attending the Yale Law School. He did clerk for Justice Potter Stewart of the
United States Supreme Court. Between 1978 and 1984, Mr. Litt served as an
Assistant United States Attorney in the Southern District of New York. He was
for a while a partner in the well-known firm of Williams and Connolly here in
Washington, D.C. So as our lead-off speaker in this morning's panel, I would
like to call on Bob Litt.

MR. LITT: Thank you, Commissioner Budd. I do welcome the opportunity to
address you all this morning and talk about the Criminal Division's views on
corporate compliance and criminal law enforcement. Just to anticipate what you
will learn in response to one of the issues that Commissioner Budd mentioned, I
think you will find that some of the divisions of the Department of Justice have
somewhat different approaches to these problems. I don't think there is
necessarily anything wrong with that. It develops out of the different
enforcement issues that we have and the different kinds of communities that we
deal with.

But I want to begin by thanking and congratulating the Commission for having
this symposium. It is all too rare for us to have an opportunity to exchange
views, not across the table where somebody is representing a client in a
litigation context, but rather, in a more informal and academic setting. And I
am pleased that we were invited and able to participate in this.

In recent years, the Department of Justice has come to focus more and more on
the importance of prevention and compliance, as opposed to enforcement and
punishment, as a means of effective law enforcement. If you want to police an
entire industry's practices, you frequently have to enlist the industry itself
in helping you. And so we are looking for ways to encourage corporate
self-policing. By this, I mean requiring or inducing corporate management to
take more responsibility itself for preventing and detecting employee
misconduct. This includes implementing comprehensive and effective compliance
programs to prevent corporate crimes, and it also includes voluntarily
disclosing criminal activity to the government when the company discovers it.

Some of the other sessions of the conference are talking about some of these
issues, and particularly the sentencing guidelines aspect of them, in greater
depth. I would like to describe for you what the Criminal Division views as an
effective corporate compliance program and also to talk to you a little bit
about the principal means that federal prosecutors have for inducing corporate
self-compliance, namely, prosecutorial discretion, voluntary disclosure
programs, and I will talk briefly about the sentencing guidelines.

One question that prosecutors are often asked is: what do you consider to be
an effective compliance program? Or to put it a little bit differently, what is
it that you want us to do?

There is no pat answer to that question from the viewpoint of the Criminal
Division. We don't have written guidelines, unlike the Sentencing Commission,
for what constitutes a good corporate compliance program. In our view, any
successful compliance program has to accommodate and be founded on the
particular business that the company is in, as well as the existing corporate
structure of the business. At bottom, the question that any prosecutor is going
to ask about a compliance program is: does it work? Is it effective in this
particular company?

Any prosecutor is going to recognize that no compliance program can ever
prevent all criminal activity by rogue employees. We are not going to expect
guaranteed 100 percent perfection out of you. Moreover, because each business
and each situation is unique, we don't expect somebody to come in and match
their compliance program up against the compliance program of another company
and say, well, since Company X did this and we did it, therefore we should be
treated like Company X.

What we want you to do, if you are ever faced with a situation where you have
to deal with a prosecutor and talk about a compliance program, is come in and
explain to us how your compliance program works for your company and why it is
effective.

Although we don't adopt a cookie-cutter approach to compliance programs, there
are certain overall principles about effective compliance programs that can be
drawn from the Department of Justice's experience. The most important is that
it is not enough simply to publish a corporate compliance program. We have seen
all too many instances of companies which have a nice compliance program with a
little gold seal at the bottom and a frame around it, and the company's officers
and employees go out and violate the law anyway because the program is not an
effective one.

At a minimum, to be effective a compliance program has to have the active and
full support of a company's top management. The program also has to have
concrete and specific measures to inform all of the company's employees of the
program and to convince them that top management is committed to it. Finally,
it has to be adequately staffed with people who are able to carry out the
program to investigate, analyze, and report violations when they occur.

There are many different ways of achieving these goals. I am sure you have
heard in other programs about some of the kinds of steps that companies have
taken: ombudsmen, review boards, internal audits, written standards of conduct,
ethics training programs, hotlines, newsletters and so on.

We are not asking you to adopt any particular one or combination of these
features. What is important, as I said, is that at the bottom line you are able
to come to a prosecutor and say, "Here's what we have done and here's why
this is really effective." Even though - if you are in a prosecution
context - somebody committed a crime, here's why our compliance program is good
nonetheless.

Now, prosecutors have long taken the existence of a corporate compliance
program into account in determining whether or not to bring criminal charges
against the corporation itself. As you all know, a corporation can be held
criminally liable for the acts of its employees within the scope of their
employment and undertaken for the benefit of the corporation. That does not
mean, however, that we are going to prosecute a corporation every time one of
its employees commits a crime.

A good corporate citizen, one that is devoted to an effective compliance
program, is much less likely to be prosecuted itself for the acts of its wayward
employees than a rogue corporation with a culture that encourages or condones
misbehavior. And, once again, I do want to caution you that prosecutors have
broad discretion in making their prosecutive decisions, and the exercise of this
discretion is going to depend on a wide variety of factors in each case.
Corporate compliance is just one of the factors that we will take into account.

But it is true that in deciding whether or not to prosecute a corporation,
most prosecutors will take a look at the compliance policies, take a look at the
preventive and reporting procedures that the company has adopted, judge whether
they were effective and appropriate given the company's size and type of
business, and give a company credit for that in determining whether or not to
prosecute.

In addition, it is also common for prosecutors, in making an agreement not to
prosecute a company, to require that the company promise in writing, to
establish a compliance policy if it does not already have one, or to strengthen
its existing policy and to report periodically to the government on how it is
working. In other words, even if you don't have a compliance program at the
time you come into the prosecutor's office, you ought to think about setting up
an effective one and offering this up as part of a plea bargain or an agreement
not to prosecute the corporation.

For example, within the last year, one United States Attorney's Office
declined to prosecute a major corporation in a fraud case. The company, when it
learned of the wrongdoing, promptly fired the responsible employees, made an
agreement to settle by paying restitution, and agreed to adopt a compliance
program in writing that required it to report to the government any allegations
about which it learns concerning potential criminal conduct involving government
contracts. In other words, this company got credit in the prosecutive decision
for, among other things, agreeing to set up an effective compliance program.

In addition to the issue of compliance programs, prosecutors will also
consider what the company did when it learned of the wrongdoing. The strength
of any compliance program and of any corporate commitment to good citizenship
can be measured in part by whether the corporation acts promptly and diligently
in detecting and correcting employee misconduct. While voluntary disclosure and
cooperation with the government do not guarantee that a corporation will not be
prosecuted, prosecutors often will give them great weight in making that
decision.

In general, if a company promptly discloses wrongdoing, makes full restitution
to the government, and takes swift disciplinary action against the employees
engaged in the misconduct, a prosecutor may conclude that the federal interest
in prosecuting the corporation under these circumstances is significantly
lessened. And this is also something that you can see in many cases that you
will read about in the papers, in which companies have come in, they have
cooperated, they have reported themselves, and ultimately whatever action the
government takes against the individual wrongdoers, the government does not
prosecute the corporation.

In certain areas, this prosecutorial consideration of voluntary disclosure has
been formalized in voluntary disclosure programs, such as the Department of
Defense program discussed this morning, which has been operating since 1986.
More recently, the Department of Health and Human Services and the Department of
Justice have undertaken a pilot voluntary disclosure program.

Each of these programs provides significant incentives for corporations to
disclose violations and to put into place programs to prevent violations in the
future.

Generally speaking, a voluntary disclosure program follows a well-outlined
path. Companies disclose wrongdoing by submitting a report to the enforcement
arm of the investigating agency, which details the wrongdoing and provides the
results of their internal investigation. If the agency determines that the
disclosure is voluntary, that is, it is not prompted by the threat of discovery,
the company and the agency will sign a written agreement that sets forth the
parties' rights and obligations. Companies that are admitted to the program are
expected to cooperate fully in the government's investigation and to take
appropriate corrective and remedial action.

One of the hallmarks of a voluntary disclosure program is that the prosecutive
decision made by a United States Attorney's Office is also reviewed centrally in
Washington to ensure a certain degree of consistency and uniformity in whether
these prosecutions are brought or not. From the corporation's point of view,
the corporation expects that it will be afforded leniency both in the
prosecutive decision and in any determination whether to debar the company.

I would just emphasize what I am sure is familiar to most of you: that these
voluntary disclosure programs apply - at least those that the Criminal Division
administers - only to the corporation itself and not to any individuals involved
in the wrongdoing. Even if there is an agreement not to prosecute the
corporation, corporate employees or officers can still be prosecuted.

Generally speaking, in determining whether or not to prosecute a corporation
that is participating in a voluntary disclosure program, the prosecutor is
going to consider factors such as the candor, completeness, and promptness of
the disclosure, the extent of the fraud, the pervasiveness of the fraud, the
level of corporate employee involved in the fraud, the cooperation that the
corporation gave during the government's investigation, and the remedial action
taken by the corporation, including disciplinary action, restitution, and
changes in or the institution of a compliance program.

Some of these factors can be more or less important in individual cases, but I
think that in most cases two factors are the most important for prosecutors.
One is the nature of the disclosure. Was it timely and candid and complete?
Prosecutors are really going to take a look at whether the corporation came in
at the outset and made a full disclosure of what was found, or whether the
corporation came in with an attitude of, "Let's disclose a little bit,
let's see what we can get away with, let's resist and try to make the minimum
possible disclosure."

Prosecutors will also examine the circumstances of a disclosure carefully to
make sure that it was, in fact, a truly voluntary disclosure and not one that
was prompted by the issuance of grand jury subpoenas or a whistleblower or qui
tam action.

The second critical factor that a prosecutor is usually going to consider in
determining whether to prosecute a company under a voluntary disclosure program
is the extent and nature of the company's cooperation during the government's
investigation. A company will get far more credit for taking prompt and
effective action against its own wrongdoers and for demonstrating in concrete
ways its commitment to ensure that justice is done than for reluctantly or
unwillingly aiding the government while secretly trying to protect its officers
and employees. I recognize that this can be a painful process for a
corporation, particularly when high management is involved in the offenses; but
if a corporation wants to get credit from the government for good citizenship,
it has to demonstrate its commitment to compliance when compliance is painful as
well as when compliance is easy.

In assessing the extent of a corporation's cooperation with an investigation,
prosecutors are frequently going to require that the corporation produce
documents to government, including internal investigative reports, audit reports
and work papers, memoranda and notes of interviews of employees, descriptions of
what files have been reviewed, technical assistance in auditing or contracting
or other matters, and basically anything else that the prosecutor wants. I
recognize that those of you who are corporate counsel probably are chilled by
this idea. You are not used to the idea of turning these kinds of files over to
the government. It goes contrary to your very nature. But we want to encourage
corporations to commit themselves fully to compliance and cooperation with the
government.

Bill Lytton earlier talked about some of the calculations that a corporation
may go through - "Well, I might not get caught, or the cost of compliance
and restitution may be great." You can make those calculations if you want
to, but don't expect us to give you credit for them when you get caught.
Half-measures by a company will not get full credit from the government in our
prosecutive decision-making.

I believe that for most corporations, and in particular for publicly held
corporations, the alternative of an indictment, a trial, and a conviction is far
more damaging than the choice of cooperation with the government.

Finally, the operation of the new organizational sentencing guidelines offers
further inducements to corporations to adopt effective self-policing and
disclosure programs. As you no doubt have heard from others, the guidelines do
provide a specific listing of factors to be taken into account in determining
whether a compliance program is effective.

You can probably tell from the remarks I have made so far that these
sentencing guideline rules in many respects are consistent with our own views in
the Criminal Division. Over the years, prosecutors have gained substantial
experience in identifying the characteristics that determine a corporate good
citizen. In light of the paucity of prosecutions under the organizational
sentencing guidelines, it is still too early to predict the extent to which
these guidelines are going to influence prosecutors in their own determination
of what is or is not an effective compliance program. However, I can probably
predict that there is nothing in those sentencing guidelines that is going to be
inconsistent with the views that prosecutors are going to take of what is an
effective program.

Each of the factors that is included in the guidelines can be an important
factor in an effective compliance program. In specific cases, some may be more
important than others, and some may be less important. We hope over time to
work with the Commission and its staff to refine the guidelines and our own
approach in the light of our mutual experience. But we do believe that, in
principle, the consideration of these factors of an effective compliance program
for sentencing purposes will provide additional encouragement for you all to
induce the adoption of effective compliance programs in your companies. In the
long run, the most important result of this will not be the benefit that you get
at sentencing or in prosecutive decisions, but the benefit that you get from
instituting an effective compliance program that stops people from violating the
law.

I have discussed several ways in which the law and law enforcement encourage
the concept of the corporate good citizen. We want to increase compliance and
enforcement by enlisting the help of you all to prevent crime before it happens
rather than using the much blunter tools of the criminal law to punish crime
after it happens. Corporate self-policing in the long run will reduce your
costs and our costs as well. By presenting concrete incentives to companies to
come in and establish compliance programs and to voluntarily disclose their
wrongdoing, in the long run we hope to benefit law enforcement and society as a
whole. Thank you.

RONALD A. SARACHAN

COMMISSIONER BUDD: Our next speaker is Ron Sarachan. Until about a year ago,
Mr. Sarachan was the section chief of major crimes at the U.S. Attorney's Office
for the Eastern District of Pennsylvania. Most recently, he has been holding
down the position of Chief of the Environmental Crimes Section of the
Environment and Natural Resources Division at the Department of Justice. But
Ron didn't come to this job without experience in the environmental area.

While in Philadelphia, he co-founded and chaired the Philadelphia
Environmental Task Force which coordinated federal, state, and local prosecution
of environmental crimes. Prior to joining the Department of Justice, Mr.
Sarachan served as a special assistant to the director of the Rhode Island
Department of Environmental Management. He also had a stint in the private
practice of law in New York City.

Ron Sarachan received his bachelor's degree magna cum laude from Brown
University in Providence, Rhode Island, and he took his J.D. degree from the
University of Michigan, also magna cum laude. With that, I would like to bring
to the podium Mr. Sarachan. Ron?

MR. SARACHAN: Thank you. Thank you for this opportunity to speak and
particularly for this format where, as Bob Litt said, it is nice to be able to
talk about these issues when we are not thinking strictly about a specific case.

I will focus on environmental crimes, of course, and build on the comments
that Bob Litt made. In the environmental area, as in other areas, we are very
concerned about voluntary compliance and compliance programs, and I will try to
explain why.

The Department of Justice has had a formal policy for four years to encourage
self-auditing, self-policing, and voluntary disclosure of environmental
violations by the regulated community, and I will address that policy in more
detail.

I will try to cover three topics. One is violations in the context of
existing compliance programs. By that, I mean cases in which crimes are
committed when an organization has a compliance program and how federal
prosecutors look at that. The next topic is compliance programs that are
imposed as part of sentencing. In other words, there is no program or no
effective program and one is imposed as part of an organization's sentence. It
is a separate but very important issue under the guidelines. And, finally,I
will address some brief observations about environmental crimes in Chapter
Eight.

First, let me put some issues in context. Let me ask folks here: how many of
you have represented an organization that has been prosecuted criminally in
federal court for an environmental crime?

A few hands. That is actually consistent with my experience. The vast
majority of environmental violations are not handled criminally. The government
response ranges from informal contact by regulators, formal administrative
action, civil enforcement, and, finally, criminal enforcement. And it is a
pyramid with a very broad base. So the majority of violations are going to be
handled by the regulatory agency. Criminal prosecutions, as you could see from
the very small number of people raising their hands, are the tip of that
pyramid, and a small tip. And that is appropriate. Criminal enforcement is one
tool. It is only one tool. It should be reserved for egregious cases.

In addition, as other speakers have said, there is no way for the government
to be everywhere to monitor everything. That is certainly true in the
environmental area given all the facilities subject to regulation.
Environmental laws rely in a fundamental way on self-reporting and the honesty
of the regulated community and the openness of the regulated community. As a
result, the environmental laws, as you know, impose many mandatory disclosure
and reporting requirements. They create a structure in which a central feature
is the flow of information from the regulated community to government officials,
the theory being that those government officials can review that information,
make sure that environmental problems that could affect the public health and
welfare are fixed, and act to prevent future harm. The system depends on the
honesty of the regulated community to provide truthful and complete information.

As good corporate counsel out there know, when you are making the decision
about making a voluntary disclosure, you don't think about making it to the
Environmental Crimes Section or the Criminal Division of a U.S. Attorney's
Office. If you did that, you would be defining your own problem as a criminal
problem. The vast majority of voluntary disclosures in this area are made to
the regulatory agency, with the hope, reasonably, hopefully, that it will remain
an administrative matter.

As a general rule, in the criminal business we don't see the good corporate
citizens with the good compliance programs. An organization with an
environmental problem that is honest about it, that reports it to the regulatory
agency, that works with the agency and is doing its best to fix that problem,
the regulatory agency is not referring that kind of case to us. Chances are we
never see that sort of thing, and if we do get it, those are all reasons to
decline that case criminally.

Let me address one definitional issue that was touched on yesterday. When we
speak of an effective program to prevent and to detect violations of law, how do
we take into account the small companies, the ma and pa companies? The small
companies, as people said, are unlikely to have a formal compliance program.
However, they may still have the functional equivalent of those seven steps that
you need for an effective program as set out in the guidelines. The kind of
questions we would ask in the environmental context, in the criminal context,
are: do the company's employees receive training needed to properly handle the
chemicals used in the production and the waste generated? Do the employees have
the necessary equipment? Are sufficient funds budgeted to do the job? Are
supervisory responsibilities for proper handling of these materials clearly
defined? Do employees know who to talk to about environmental problems? And do
the supervisors have adequate authority?

Has the organization made its commitment clear? Are employees instructed to
report problems, and does management respond appropriately, without retaliation?
There are two sides to this. People who don't act properly, are they
disciplined? And is proper environmental compliance incorporated into the
standards by which employees are evaluated? It should work both ways.

Is day-to-day supervision adequate to quickly detect violations? Are there
plans for emergencies? In general, does the corporate culture support
compliance? A small company can have or do all those things. It can have the
systems to do those things without any sort of formal program. If you ask its
employees, "Does it have a compliance program?" they would say no.
Nonetheless, the company can still do those things. And that raises a very
difficult issue for the government and for the Sentencing Commission in dealing
with different size companies.

The guidelines recognize that issue when they say that the larger companies
will necessarily need to have a more formal program. But what do you do with
the small companies? You need flexibility. Otherwise, the small companies are
going to be left out of this whole process, and we're going to have a system
that can benefit and encourage compliance with big corporations and ignore much
of the business community.

On the other hand, if you define it too loosely, you dilute the standards for
what these programs or systems are all about. You encourage after-the-fact
rationalizations, with people claiming they had the systems, inventing it, after
the crimes, and you add to litigation at sentencing.

When I talk about this in the rest of my remarks, when I talk about a program,
I'm thinking of a system with enough flexibility to include the small companies.
Let me address the department's July 1991 policy.

So far, what I have talked about are case referrals and the importance of
compliance programs, and they are centrally important. Now we are talking about
charging decisions. The Justice Department's July 1991 policy addresses
charging decisions. It makes voluntary compliance an important consideration in
those decisions. It specifically encourages prosecutors to take them into
account in ways that will encourage self-auditing, self-policing, voluntary
disclosure. It's always those things together.

The factors under the policy are similar to the factors you see under other
policies and that the guidelines talk about: voluntary disclosure, cooperation,
preventive measures and compliance programs. The policy also talks about
additional factors that are considered especially important:

Pervasive non-compliance. If there's a claim that there is an effective
program but we're seeing pervasive non-compliance, that's very strong
circumstantial evidence that there is not an effective program.

Internal disciplinary action is critical. Subsequent compliance efforts are
also extremely important in the environmental area, given the catastrophic harm
that can be caused by these crimes.

No single factor is controlling, and we look for all three steps. You can do
a beautiful audit of the company, and if it sits on the shelf and there is no
follow-through, it is not doing anyone any good. There has to be an audit;
there has to be disclosure; there has to be correction.

Different factors can be more or less important in any particular decisions,
but we're looking for each of the steps.

Now, let me talk about the application of the policy and my own observations.
Our experience in criminal cases is that typically the policy has not been at
issue because there has either been no program or because there has been a
completely inadequate paper program in our cases. Let me explain that and
describe our cases.

Most of the environmental crimes, many of them, fall into two categories. The
first are defendants who misuse the regulatory system for criminal purposes,
often to commit fraud. The second are defendants who make a deliberate business
decision to break the law for a business reason. They break the law to save a
buck.

Not only can it pose a serious threat to the environment and to the public
health when that happens, but it also puts competitors who are playing by the
rules at an unfair disadvantage. Rather than trying to describe all the factors
that go into what makes an environmental violation a crime, what I always try to
do is take some of the last cases that I have personally been involved in,
because I think a picture is worth a thousand words.

First of all, as far as a defendant who misuses the regulatory system to
commit fraud, we recently had a case against a company in North Carolina. The
company held itself out as being in the business of reclaiming waste oil and
properly disposing of industrial waste water. Other businesses would come to
this company and pay it money to properly dispose of their waste. The company
would routinely take the waste and put it down the sewer without proper
treatment. It included waste with heavy metals, other toxic and hazardous
substances. To avoid being caught by the regulators, the company tampered with
the monitoring devices.

So here is a company taking money, saying that it would comply with the
environmental laws. It only was able to exist because the environmental laws
impose these requirements, and then it didn't follow through with what it had
promised. So it is a straight commercial fraud as well as an environmental
violation.

As far as the other kinds of crimes, we recently this summer finished a trial
against an electroplater in Texas. This company generated a couple kinds of
hazardous waste: sludge from its giant tanks, plating tanks, as well as waste
water. This company disposed of its hazardous waste water by pouring it on the
floor. It typically had six inches of this waste water on the floor. The
workers had pallets, for as long as they'd last, sitting on the waste water, and
they would stand on these wooden pallets. There were drains in the floor, and
the waste water went down the sewer.

When things go down the sewer, the treatment works, the sewage plants, aren't
typically built to handle this material, so it in one way or another gets
through the plant and ends up in the environment in one form or the other.

Also, with six inches of waste water on the floor, sometimes it wouldn't go
down the drain fast enough, so the company would pump it out into the street or
employees would take brooms and sweep it into the back alley.

The authorities in Texas did everything they could to get the company into
compliance. They showed remarkable constraint. They brought administrative
actions, civil actions. There was a federal civil action. This went on for ten
years until the criminal case was brought. The president, vice president and
plant manager, and corporation were convicted.

A compliance program was not really an issue in that kind of case, although
the company did charge a five percent surcharge for its products for its
compliance program. I don't know what that was.

When you think about it, though, it's outrageous. The people who worked in
that plant were likely working there because they didn't have any other place
they could work, and they're standing over liquid hazardous waste all day long.

Another case recently, this summer, in Massachusetts, ended in a guilty plea
by a major corporation. The corporation discharged oil and grease into the
Charles River from one of its facilities for 15 years. It was done chronically;
it was done knowingly. Its own contract lab sent its reports for a while on a
weekly basis showing that it was in violation of its permit, sometimes by 30
times, when it had a permit.

Internal corporate memos show that some officials in the company knew that the
pollution control equipment never worked and that it was being bypassed.

Again, that's not a case where we're dealing with a compliance program at the
time of the crime. That's a case where as part of sentencing we are seeking to
have the compliance program imposed.

Where there have been compliance programs in cases, my observation is that
federal prosecutors have taken it very seriously. They have followed the
policy. They have bent over backwards to give companies a break in order to
encourage compliance. And, again, let me give you an example from a recent
case. There aren't a lot of examples. It has not come up a lot.

This is a case against PEPCO in Maryland. The company had been violating the
Clean Water Act for five years on almost a daily basis. There was an open
investigation by the U.S. Attorney's Office, but it was for commercial bribery.
They were not aware of the environmental violations. The discharge was from a
600-acre flyash storage site, and it included extremely acidic water and water
containing heavy metals which was being pumped illegally into a swamp, but the
swamp would then flow into a river. And it was done surreptitiously at night by
one company employee, who would then order other people to do it.

The company came forward. The government made no promises at the outset but
asked for cooperation. The company was fully cooperative. It did all the sorts
of things that Bob Litt was talking about. It gave summaries of employee
interviews. It gave the internal investigative report. It gave consent to
search and access to facilities. Employees were made available for interviews.
The company identified possible employee witnesses as well as possible employee
subjects of the investigation. The company took disciplinary action, and
eventually the U.S. Attorney's Office prosecuted the plant manager for
commercial bribery and for violations of the Clean Water Act and agreed that it
would not prosecute PEPCO. There was a civil action.

The prosecutor applied the department's 1991 policy. There had been
disclosure. Both the guidelines and the DOJ policy talk about the key being
promptness, that is, disclosure before the person making the disclosure knows
about the government investigation. Here it was very timely. PEPCO acted
quickly when they discovered it.

There also has to be full cooperation. There was very good cooperation here.
This is a very difficult area. I've seen it a little in the environmental area.
I've seen it more in fraud cases and other cases in the context of full
cooperation, because what happens a lot is you end up sitting down at a table
and the prosecutor's on one side, corporate counsel, defense counsel, maybe
outside counsel, are on the other side, and there is a discussion about whether
the company is being cooperative, whether it has fit all the criteria to get the
break or to get some consideration.

What happens is, to the prosecutor it looks like the company is holding back,
and when you look at the other side of the table, counsel is looking very
frustrated at the prosecutor. Typically, in my experience, what is happening is
they're operating from very different facts; the witness who is being
interviewed as part of the internal investigation with corporate counsel present
is not saying the same thing when that whistleblower employee is calling up the
FBI and spilling his guts. And so what's happening is the prosecutor perceives
the limited information as a company holding back. In fact, what may be
happening is corporate counsel is saying everything he or she knows, but doesn't
know as much as the government knows, or knows different things. Many of the
disagreements over what appear to be applications of policy really arise because
the factual world view of both sides is completely different.

Finally, preventive measures and compliance programs - PEPCO did have a
program in place, and it fit what the DOJ policy talks about as being a
regularized, intensive, and comprehensive program rather than the phrase "effective
program" that you see in the guidelines. Perhaps it was not a super
policy, but there was something in place.

Probably most importantly, it was adopted in good faith. It appeared to have
been established in a timely manner. And as Bob Litt pointed out, we see all
too many times instances where suddenly there's a compliance program after a
company knows it's being investigated. That's something that we get very
cynical about.

I have talked about the first two screens where compliance programs apply:
case referrals and charging decisions. Let me move on to sentencing. As I have
said, we have not seen this come up in a lot of sentencings because those first
two screens are at work.

In addition, I have to make a disclaimer. As you know, Chapter Eight, the
fine provisions, do not apply to environmental crimes except for criminal
purpose organizations. So our experience with the fine part is in a
pre-guideline setting.

What I want to suggest is that in the environmental area, compliance programs
are not merely important; they are necessities. You have to have a compliance
program. Employees must know what they have to do to handle dangerous materials
and waste, and management needs some sort of system to ensure that the standards
are being met. The guidelines appear to recognize that. The guidelines say if
an organization handles toxic substances, it must have established standards and
procedures designed to ensure that those substances are properly handled at all
times.

Given the importance and the essential nature of compliance programs, what I
want to suggest is we may be past the point where, as a matter of sentencing,
there should be simply a benefit if a defendant has a program. Compliance
programs perhaps should be the baseline. And if a defendant has an effective
program, it should get a benefit. But if it has nothing, then there should be a
penalty attached to that. We are past the point where we can ignore this area.

Let me talk briefly about compliance programs as part of a criminal sentence.
Reflecting our strong interest in these kinds of programs, in a number of recent
and important cases, compliance programs have been a very important factor in
plea agreements. Recent cases include Palm Beach Cruises, Crescent Ship
Services, Ketchikan Pulp Company, and ConRail.

The catalyst for this really comes from the guidelines for organizations. If
you speak to the prosecutors handling these cases, they point to the guidelines.
While the fine provisions don't apply to environmental crimes, the
organizational probation provisions do, and they talk specifically about seeking
compliance programs as part of sentencing.

Common terms in these plea agreements are five years organizational probation,
an independent auditor, and a very detailed program that must be approved by the
court. More recently, we're looking for an assessment of the problems before
sentencing. It not only helps speed things along, but it's a real aid to the
court at the time of sentencing. The first couple of times, we didn't do that.
At sentencing what we had basically was a commitment to do the plan or the
program. The result was a necessity for hearings after sentencing to get the
same job done. It is more efficient to try to get a head start.

A specific corporate executive is named as being directly responsible for
managing the company's compliance with the program, quarterly reports to the
court and the government, and then periodic inspections by government personnel
and private consultants.

Again, let me suggest that in looking at these compliance programs,
specifically in the environmental area, it's important to look at the guidelines
and, in some instances, to make adjustments. Just as an example, the provision
which authorizes examination of books and records in order to monitor compliance
programs is a great provision, 8D1.4(c)(4). In a financial sort of program,
that may well be enough, but for an environmental compliance program, inspecting
books and records doesn't go the whole way. The government needs to have
opportunities for sampling, opportunities for site inspections, if these
programs are really going to be monitored. So there's a need to make
adjustments to take into account environmental crimes in these provisions.

My final observation is a general one about Chapter Eight and environmental
crimes. This is really responding to the sort of comments we heard this morning
from Bill Lytton and others about the need for consistency, or at least if not
consistency, to look at the differences and see if the differences make sense.

This is just one example, and that's all. The guideline provision for
self-reporting gives credit for self-reporting, cooperation, and acceptance of
responsibility. There's no differentiation made on voluntary disclosure between
the disclosure that is voluntary and the disclosure mandated by law already. So
you could be required by law to make the disclosure, and you'd get the same
credit, as I read it, under the guidelines.

Under the department's policy, a voluntary disclosure does not include a
mandatory disclosure. So that's a difference, and there are arguments on both
sides. Perhaps at this sort of symposium in the future, those sorts of
considerations for environmental crimes and Chapter Eight should be considered,
with each point looked at carefully. Anyway, those are some thoughts. I very
much appreciate this opportunity to address you. Thank you very much.

GARY R. SPRATLING

COMMISSIONER BUDD: Our next panelist is Gary Spratling. Mr. Spratling is, of
course, with the Department of Justice, and he serves as the Deputy Assistant
Attorney General for Criminal Enforcement within the Antitrust Division. In
that capacity - and you may have read about this in today's paper - he led the
way in obtaining a plea from a company by the name of Dyno Nobel, and that plea
involved a $15 million fine. It can only be described, I assume, as an
explosives price-fixing case.

Gary has served as a prosecutor at the Department of Justice for some 24
years, and during that time he has received a number of professional awards and
honors, including the John Marshall Award for the Supervision of Litigation and
the Presidential Rank Award. Mr. Spratling is also very active in the Bar
Associations across the nation, and currently he serves as the vice chair of the
Criminal Practice and Procedure Committee of the American Bar Association's
Antitrust Section. Ladies and gentlemen, Gary Spratling.

MR. SPRATLING: Thank you, Commissioner Budd, and good morning. Let me begin
by expressing my appreciation for the opportunity to address this group. It is
an honor to be asked to join the distinguished group of speakers that this
symposium has brought together. And now you get to hear the antitrust
perspective, and it's going to be different in a number of important respects
from what you've heard thus far.

As a prosecutor, when I think of a good corporate citizen, I think of a
corporation that has an effective compliance program, one that reports its
violations whenever that program is not completely successful, and one that
accepts responsibility and cooperates in any resulting government investigation.
For prior discussions about compliance programs and antitrust enforcement, see
"Antitrust Compliance Programs: Are They Worth It? Between Prevention and
Sentence Mitigation - Don't Forget Amnesty and Other Forms of Favorable
Treatment by the Government," paper by Robert Bloch, Chief, Professions and
Intellectual Property Section, and Gary R. Spratling, San Francisco Field
Office, Antitrust Division, State Bar of California Annual Golden State
Antitrust and Trade Regulation Institute (September 9, 1993); "Corporate
Compliance Programs, Antitrust Enforcement and the New Organizational Sentencing
Guidelines: A Prosecutor's Perspective," remarks by Robert Bloch, before
the American Bar Association Annual Meeting (August 10, 1992); "Antitrust
Compliance Programs Under the Guidelines: Initial Observation From the
Government's Viewpoint," article by Neil E. Rogers, Chief, Legal Policy
Section, Antitrust Division, Corporate Conduct Quarterly, Summer 1992; "The
Importance of Deterring Antitrust Crime: Corporate Compliance Programs and
Federal Antitrust Enforcement," remarks by James F. Rill, then Assistant
Attorney General, Antitrust Division, before the Symposium on Antitrust and
Association Law (February 20, 1992); "Corporate Compliance Programs and
Federal Antitrust Enforcement: A Cooperative Approach to Deterring Antitrust
Crime," remarks by James F. Rill, then Assistant Attorney General,
Antitrust Division, before the Symposium on Antitrust Enforcement (March 19,
1991).

However, as a comparison of Bob's and Ron's remarks would indicate, and as the
addition of my remarks will make absolutely clear, the manner in which federal
prosecutors take compliance programs, self-reporting, and cooperation into
account at the various stages of investigation and prosecution can vary
significantly from one component of the Department of Justice to another, and
the sentencing guidelines don't resolve all the issues with respect to credit
for those actions at the sentence mitigation stage.

Therefore, my purpose in this presentation is to address four issues regarding
my postulated elements of corporate citizenship, that is, compliance programs,
self-reporting, and cooperation, from the perspective of an Antitrust Division
prosecutor.

First, what effect do compliance programs have on the operation of the
Antitrust Division's discretion?

Second, what is the Antitrust Division likely to require in a compliance
program before it acquiesces to a reduction in culpability score and a reduction
in fine range for a corporation?

Third, is the sentence mitigation sufficient in antitrust cases to justify the
effort required for an effective compliance program and the risk of the
self-reporting and cooperation required for full credit in the guidelines?

Fourth, are there even more important potential benefits from a compliance
program, self-reporting, and cooperation than exist in the sentencing
guidelines? And in connection with that topic, I will discuss the Antitrust
Division's amnesty programs, one for corporations and now one for individuals.

Lastly, I would like to discuss a not directly related issue, but in order to
discuss the fine that Commissioner Budd mentioned a moment ago, I would like to
discuss the impact of the sentencing guidelines on fines in antitrust cases.

Let's look first at the Antitrust Division's perspective on compliance
programs and the exercise of our prosecutorial discretion. What if, in spite of
a compliance program, a violation occurs? Will the corporation get credit from
the Antitrust Division for having that compliance program in place at the
charging stage, at the sentencing, or in both?

First, the charging stage. This is the bad news for corporations. The
existence of a compliance program has a very limited role in how we exercise our
prosecutorial discretion. Once a violation occurs, the compliance program can
do little, if anything, at the Antitrust Division to persuade us not to
prosecute the corporation.

During the pre-indictment phase of a grand jury investigation, we frequently
hear from counsel representing the corporations that the corporation should be
excused from criminal liability because of an individual employee's conduct that
occurred without the knowledge, approval, or authority of the corporation, and,
in fact, in direct contravention of the corporation's compliance program. This
is the "rogue employee" argument, and we hear it in every antitrust
case.

The argument is that, therefore, the employee's conduct should not be imputed
to the corporation. We also hear a related argument in antitrust cases that we
should not indict the company because the minute the company found out about the
rogue employee's conduct, it instituted a compliance program to stop similar
conduct in the future; and so since it has instituted that conduct to prevent
similar violations from occurring, there is no further need for a deterrent
effect.

The Antitrust Division does not give much weight to either of these arguments
in the pre-indictment stage. To the extent that antitrust prosecutors allow
failed compliance programs to excuse antitrust violations, we believe that we
undermine our own efforts to deter crime. Were we to credit failed compliance
programs at this charging phase, there would be less incentive for companies to
make sure these programs work, to refine the programs, and to make them
effective. The ultimate goal, after all, is a compliance program that prevents
crimes, not one that excuses the corporation in the event that one occurs.

Although the existence of a compliance program will rarely prevent a
corporation from being pursued criminally by the Antitrust Division, a sound
compliance program may serve to reduce, and reduce significantly, the fine that
a corporation has to pay upon conviction.

The Sentencing Commission has set out in detail what it means by an effective
compliance program and has described the seven due diligence criteria as the
minimum types of steps that must be taken in order to qualify as an effective
compliance program. I'm not going to review those because by now you know them
by heart.

If these seven requirements listed in the sentencing guidelines are the "minimum
types of steps" that must be taken, that raises the issue of what, if any,
additional steps federal enforcers believe should be taken before a company gets
credit for a compliance program.

Bob talked about some of those additional steps, Ron talked about some of
those additional steps, and the Antitrust Division has identified additional
steps as well, largely consistent with those that Ron and Bob described:

No credit if, after an organization becomes aware of a violation, it delays
unreasonably in reporting it to the government authorities.

No credit if high-level people are involved in the offense.

No credit for paper programs. This is something that I think Bob referred to
as empty programs, where there is no real commitment for detecting offenses.

Lots of credit for affirmative steps to detect price fixing and bid rigging,
and examples are set forth in the materials.

For credit, it is critical to have regular and unannounced audits of pricing
and bidding personnel. For credit, the compliance program must be customized to
the firm's specific organization, operation, and personnel. And for credit, the
compliance program should have negative incentives for violations - loss of
position, forfeiture of benefits and so on - and positive incentives for those
that report violations.

If a firm does get credit for an effective compliance program, that credit
could reduce an organization's maximum fine by more than 50 percent, which, of
course, in the antitrust area can be many, many millions of dollars. But that's
not the best part of a compliance program. The really good news has to do with
all the potential valuable benefits to a corporation between prevention and the
sentencing guidelines. And let me explain that.

In the antitrust area, there are two special antitrust-only provisions in the
sentencing guidelines. The first provision is an instruction to use 20 percent
of the volume of affected commerce in lieu of pecuniary loss in calculating the
base fine. The second provision is that whatever an organization's culpability
score, neither the maximum nor the minimum multiplier may go below 0.75. As you
know, as the culpability score goes down for all other types of offenses in the
sentencing guidelines, you can get down to 0.05.

The net result of these two provisions is that there is a floor in antitrust
cases, a minimum fine of 15 percent of the volume of affected commerce. This
has caused a lot of commentators to ask the question, "Is there a
sufficient incentive in the sentencing guidelines for an antitrust offender to
come forward?" Indeed, a firm that starts with an initial culpability
score of, say, five can get down to very near the minimum multiplier for an
antitrust case of 0.75. It can get down to 0.80 just with acceptance of
responsibility - without having a compliance program, without self-reporting,
and without cooperation.

Of course, the problem with that analysis is the wrong question is being
asked. The question is wrong because it's looking to the effect of those
activities at the sentencing stage of the enforcement process instead of looking
to the beginning of the enforcement process when each of those actions -
compliance programs, self-reporting, and cooperation - has its real benefit.
That's where those activities may actually result in the corporation not being
subject to the sentencing guidelines at all; or if it is, benefiting from very
substantial reductions in the minimum fines set forth in the guidelines.

Early detection of a violation through a compliance program affords an
organization the opportunity to consider the options of voluntary disclosure in
the case of the defense procurement fraud area, self-reporting in the case of
antitrust, and cooperation with the government at a time in the enforcement
process far before conviction and sentencing when those actions had the
potential for very favorable treatment for the organization, including complete
amnesty, a pass from prosecution. And if amnesty isn't available, there still
remains a whole range of disposition alternatives with substantial benefits to
the organization, benefits which are unavailable to the organization that does
not have a compliance program able to detect those violations early, and that is
therefore unable to come in and be one of the first ones to cooperate with the
government.

Let's look first at the amnesty program at the Antitrust Division. The
Antitrust Division first announced its corporate amnesty policy, also known as
the corporate leniency policy and corporate immunity policy, but most commonly
referred to as the corporate amnesty policy, in October of 1978. That policy
was in effect for 14-and-a-half years, and the policy said that the Antitrust
Division was prepared to give serious consideration for lenient treatment to
organizations that voluntarily reported their illegal activities and came
forward to us before the violations were detected by the division.

The grant of amnesty was not automatic, was based on prosecutorial discretion
pursuant to a seven-factor test, and was available only to people who came
forward or organizations that came forward before we had begun an investigation,
which is still the case in the other divisions of the Department of Justice.

In 1993, the incoming and current Assistant Attorney General for Antitrust, my
boss, Anne Bingaman, said that a corporate amnesty program made good sense, but
that the longstanding policy of refusing to give amnesty to anyone, no matter
what they could offer because an investigation was underway, was maybe denying
the Antitrust Division valuable cooperation that would be in the public
interest. So she changed the amnesty policy in several respects, making three
important changes.

First, if a corporation comes forward before our investigation begins, amnesty
is automatic. There is no prosecutorial discretion involved. It is a certain
grant of amnesty, and the criteria are similar to conditions under the earlier
policy.

The second major change is that if a corporation comes forward after our
investigation begins, it may still qualify for amnesty. This is a discretionary
grant of amnesty based upon seven criteria. The first two of these criteria are
the threshold criteria. The first criterion is you have to be the first
corporation to come forward. The second criterion is that at that point in the
investigation we cannot yet have sufficient evidence against the corporation to
result in a sustainable conviction. The seventh criterion establishes that the
earlier you come in, the more likely you are to get amnesty.

The third major change is if a corporation qualifies for automatic amnesty -
and this is different than any other division of the department - then all
directors, officers, and employees who come forward with the corporation and
admit their involvement and cooperate in the investigation will also receive
automatic amnesty.

Note that whether or not an investigation has begun - that is, whether or not
you are seeking to get automatic amnesty or alternative amnesty - you must be
the first corporation that comes forward. There are no two bites here. Only
the first corporation gets amnesty.

The number of corporate amnesty applications has increased significantly under
the new policy. So Anne Bingaman was right. Under the old policy, we received,
on average, one amnesty application per month over the course of 14-and-a-half
years. Since the new policy went into effect, we started out at and we have
continued and, in fact, in recent months it has gone up a little bit, but we are
receiving on average one amnesty application - did I say before per month? I
meant per year. We are now receiving one amnesty application per month.

In August of 1994, one year to the day after Anne Bingaman announced the new
corporate amnesty policy, she announced the first ever individual amnesty
policy. This is separate from coming forward with a corporation. After the
corporate amnesty policy was announced, some asked, "What about
individuals who come forward on their own behalf? What if they don't want to
wait for detection by the corporation and wait to see what the corporation is
going to do? What about individuals who want to come forward on their own after
a corporation has detected the violation but has determined it's not going to do
anything about that detection?"

Many thought that such individuals that come forward on their own also ought
to be eligible for amnesty, and so we have the new policy that provides that,
one, if an individual comes forward before we have an investigation; two,
reports with candor and completeness and then cooperates in the investigation;
and, three, was not the originator or leader in the activity and didn't coerce
anybody else into doing it, then that individual gets automatic amnesty.

Even if an organization comes in and does not meet the amnesty requirements,
it may receive a fine below, perhaps substantially below, the guidelines minimum
for substantial assistance in the prosecution of other individuals and
organizations. And if you come in, even the next step, if you come in and you
are not yet in early enough to qualify for the substantial assistance reduction
for cooperation, the government can still tailor a criminal settlement that is
advantageous to that organization and favorable as compared to organizations
that will come in later.

Since I have just been given the five-minute sign, I won't go over those other
types of favorable treatment.

To sum up my remarks on the first four topics, when a firm detects a violation
early, especially before we have an investigation underway, it is time for that
firm's counsel to host "Let's Make A Deal." When counsel or the
client detect a violation before we do, it is one of those rare times in our
system of law that counsel for a corporation that has committed a felony is in
the driver's seat. Why? Because we want the information your corporation has
to offer more than we want your corporation as a defendant, because your
corporation is going to allow us to prosecute other culpable corporations and
individuals. And so when you find yourself in that situation, don't think about
the sentencing guidelines. Think about: can we cooperate early? Can we report
to the government, work in their investigation, and possibly qualify for amnesty
and not be subject to the sentencing guidelines at all?

My last topic is fines in antitrust cases under the sentencing guidelines. In
November 1990, the maximum Sherman Act fine for a corporation found guilty of a
criminal violation was raised from $1 million to $10 million. The combined
effect of this change in the maximum statutory penalty and the minimums
established by the sentencing guidelines for antitrust offenses is now becoming
very apparent.

In the past 14 months, six corporations have paid fines of at least $4 million
for single-count Sherman Act violations. Two weeks ago, an antitrust defendant
agreed to pay and the court imposed the statutory maximum fine of $10 million
for the defendant's participation in a conspiracy to fix prices and rig bids in
the explosives industry. This was the first time that the maximum statutory
penalty had been imposed under the Sherman Act.

And yesterday, as Commissioner Budd mentioned, a defendant agreed to pay and
the court imposed a $15 million fine on a company in that same investigation. A
$10 million maximum on the first count and a $5 million fine on the second
count, which involved an agreed-to upward departure by both the government and
the defendant under circumstances that unfortunately I do not have time to
discuss.

The $15 million fine is the largest fine imposed on a single defendant in a
criminal antitrust case. It is instructive to look at how that $10 million was
arrived at because it did not involve an extraordinary amount of commerce, and
let me, in the interest of time, just focus on the first of those cases which is
United States v. ICI Explosives.

The parties reached an agreement that the volume of affected commerce was
approximately $50 million. Following the guidelines instruction to use 20
percent of the volume of affected commerce in lieu of pecuniary loss, the
defendant's base fine was $10 million. The parties also stipulated that the
defendant warranted a culpability score of seven, which would have been much
higher but for its early cooperation with the government throughout the
investigation, and, thus, its minimum and maximum multipliers were 1.4 and 2.8.
That meant that the range of fines for the corporation was $14 million to $28
million. In this case, the division agreed that the calculations of double the
loss and double the gain would unduly complicate and prolong the sentencing
process and agreed that a $10 million statutory maximum was appropriate.

As the calculation that I have indicated to you in this case should indicate,
the $10 million maximum in an antitrust case can be reached very quickly with
volumes of commerce much less than $50 million, especially for organizations
that do not cooperate.

A concluding point: A Wall Street Journal article last week that
suggested that the sentencing guidelines have been used, for the most part, only
against small companies. At least in the antitrust area, such a notion is not
true. There is nothing fundamentally wrong with the guidelines with respect to
corporate fines. Statistically, of course, there are more small companies than
there are large companies. Our investigations develop evidence of violations
against small companies and against large companies, wherever that evidence
exists. Proof of the larger conspiracies often take longer to develop; however,
as a matter of prosecutorial discretion, you can bet that we are looking at the
larger conspiracies and looking at the larger companies.

The average fine imposed on corporations in Antitrust Division cases has
increased 170 percent between 1992 and 1995 to date. At the Antitrust Division,
we try to be equal opportunity prosecutors, bringing cases against both large
corporations and small corporations, as the $10 million and $15 million fine
should confirm. And note that those large fines were imposed upon corporations
that cooperated: ICI, which received the lower fine of $10 million because it
cooperated early in the investigation, and Dyno Nobel, which is cooperating now.
Had those firms not cooperated, we would have sought higher fines. Thank you.

EUGENE M. THIROLF

COMMISSIONER BUDD: Our final panelist will be Gene Thirolf. Mr. Thirolf
graduated from St. Louis University School of Law and spent some time in the
area of legal services. After a few years in that capacity, he went to the
Department of Justice where he was assigned to the then newly created Office of
Special Investigations, which had as its charge the investigation and litigation
of cases involving Nazis and Nazi collaborators who illegally immigrated to the
United States.

In 1981, Mr. Thirolf became a senior litigator with the Department of
Justice's General Litigation and Legal Advice Section, where he prosecuted
complex legal cases. Since 1992, Gene has served as Director of the Office of
Consumer Litigation. In this capacity, he has had responsibility for both the
civil and the criminal enforcement of the Food, Drug, and Cosmetic Act, the
Federal Trade Commission Act, the Consumer Product Safety Act, among other
statutes. Mr. Thirolf?

MR. THIROLF: Thanks very much, Wayne. Thanks for the opportunity of
appearing before you. Good morning. Over the last few years, I have spoken to
a number of groups and associations about the consequences of sentencing
guidelines on their organizations that were or could be facing criminal
prosecution. I have heard defense lawyers, not unlike today, portray the
sentencing guidelines and those of us federal prosecutors who do white-collar
work as being more or less the villains in a Dickens plot in which the lives of
executives and the fortunes of firms regulated by the government are ruined.

I'm not that bad a guy. But if being brought out in this sort of symposium to
say that you'd better adopt a compliance program or the dogs will be let loose
results in your adopting meaningfully successful compliance and ethics programs,
then it's worth it to you and to me.

None of us takes any delight in the distress of others, be they corporations
or individuals. We want you to make money. We want you to be prosperous.
Indeed, the food and drug firms, which is a good part of our practice, have been
very successful and innovative during the years that we have been involved. But
most of all, we want you to stay out of trouble.

Our experience has been that guilty corporations do criminal acts that you
would want punished, especially if they were your competitor, if it was not your
case and if it was not your firm.

Ladies and gentlemen, we have been through this for a number of years because
the food and drug statutes and some of the other statutes that we handle have
imposed a self-audit, a compliance responsibility on responsible corporate
officials for many years. And do you know what? We fight over, when we talk to
potential criminal defendants, criminal defendants after they have been
convicted, whether or not their compliance program was meaningfully successful,
whether or not corporate officials at a high level were involved. Because there
is an adoption of a program does not mean that it works and does not mean that
it should be given credit when the process is underway. And, indeed, the
guidelines contemplate that we are truth seekers in that endeavor as well.

When I encounter a corporation in a negotiation to settle a particular
criminal matter, I feel a little bit like someone's spouse who has warned you
about some misadventure, only to be saying later, "I told you so."
Well, I have news for you. I have been in a number of these sessions, and at
each one I have said, "I am going to remind you if you come in to see us
that I told you so."

At the urging of Win Swenson and some other members of the bar, I am trying to
explain to you why, in our experience over the years, sound management
principles, good science, and good judgment, and now the over-arching discipline
of the sentencing guidelines, can prevent you from getting into trouble in the
first place and can even inure to your benefit if you are prosecuted by any one
of these components of the Department of Justice.

To prove what you have been learning all week is common sense, let me quote
from Judge Wolf's conclusion in an opinion accepting the $61 million civil and
criminal penalty in the Bard case. Bard was and is an innovator in medical
devices and was prosecuted as a corporation. The individuals' trial was just
completed recently, and three of those executives were also found guilty.

Quoting Judge Wolf: "The court finds that the agreed sentence provides
just punishment for Bard. It should prevent Bard from committing comparable
crimes in the future. It should also send a message to corporate officials and
companies they personify that to subvert the Food and Drug Administration
process, intended to assure the safety and effectiveness of medical products, is
not just wrong, it is dumb."

Keep in mind that establishing accountability and ethical standards and having
review and approval of all of that at the highest level of an organization is
simple common sense and good business management.

I am not going to repeat what is in my outline, nor, I hope, repeat what
you've heard among the other panelists this morning. We enforce both civil and
criminal matters under the statutes that we enforce. I think that is somewhat
unique in the Department of Justice as a litigating division, but it's true in
every United States Attorney's Office.

Our job is pretty straightforward. We receive referrals from agencies. We
analyze the cases, and our job in essence is to protect consumers from unfair
practices and to protect those consumers who really are not in a position to
protect themselves. If you go in for a heart catheterization procedure, you
have to have confidence and believe that the medical device that is being used
on your heart is, indeed, safe and effective, or our medical system isn't going
to work as well as it has.

We have pursued a number of cases with unsafe biologics, drugs, and medical
devices, and we have resolved a number of those cases with injunctions and civil
settlements. Obviously you want to know how to get on the civil side rather
than on the criminal side. Ladies and gentlemen, I submit to you, by the time
the case gets to us, since you have gone through the regulatory agency either at
the federal or state level, it's pretty much a closed question.

We have sought and obtained injunctions against blood banks, for example, for
unacceptable collection and distribution practices and not proceeded in criminal
ways for all sorts of reasons. But primarily when we are presented with
fraudulent conduct, we pursue the fraudulent conduct. And if there is
fraudulent conduct, I submit to you, as a matter of truth seeking, that
compliance program, whatever it was supposed to be, was facially or, as applied,
inadequate.

Now, there are some obvious concepts you need to have to understand how these
guidelines have affected our practice. There is a disconnect, I know, and the
outline says it. Organizational guidelines don't necessarily apply to our
cases. Why do we use them?

First, the food and drug statutes have required a similar system of checks and
balances as the organizational guidelines have for 50 years. We have been
arguing about this with defense counsel for a long time. And, secondly, that
has been specifically articulated as a ready set of principles to debate. The
Supreme Court said in the Park case over 20 years ago that responsible corporate
officials subject to the food and drug statutes have to operate with the highest
standards of foresight and vigilance to detect in the first instance and to
avoid violations in the second. Isn't that in essence what the guidelines are
intended to do?

Our experience - and I'd like to focus a little bit, since I was asked to go
into some specifics - involved the generic drug industry. Congress passed
legislation in the 1980s to allow the public to pay less for prescription drugs
that had passed off patent, that the pioneer product had gone on and served its
function and now was off patent, and others could copy it and sell copies. When
you go into your pharmacist, he says to you, "Do you want the generic?"
And we prosecuted firms as they came on line. Sixty-seven individuals, 16
companies have been prosecuted since that began in basically 1990. More than
$30 million in fines have been assessed. What did they do?

Bolar is an example. One of the premier generic firms coming on the market,
they're going to be first on the market because if you're first on the market
with your drug product, the pharmacist will tend to suggest yours rather than
someone else's. They had to prove at Bolar that their copy of the drug was
equivalent to the pioneer drug that the manufacturer of that product had spent
billions of dollars producing. In fact, they had to prove it in tests, tests on
individuals and tests in the chemical lab. And they were on a rush. They
wanted to be first on the market. What do you do? I've got a secret for you.
Take the pioneer product, crumble it up, re-package it as your drug, and test it
against the pioneer product. You know what happened? Their product came out
comparable to the pioneer.

This is not rocket science. You do that sort of activity, you are going to
get prosecuted. And if you're convicted, you're going to pay a substantial
fine. And if you're at the high levels of that organization, you're going to go
to jail. Those individuals were at the highest level of the corporation who
were prosecuted.

One of the interesting segments of this - and I don't know if it's true of my
colleagues' experience, but in each of the corporate pleas that we have been
involved with in the generic drug industry, they have all wanted an 11(E)(1)(c)
plea that says, conditionally, "Judge, this is how much we want to pay."
So the negotiation between the government and the corporate representatives
ends up being a discussion of the guidelines. What else are we going to talk
about? Because, indeed, when we talk about corporate responsibility, we end up
talking about specific and general deterrence. We talk about what is fair or
just punishment to the stockholders of this organization for the activities of
its agents. We talk about the activity of the employee balanced before or after
the guidelines in terms of whether the employee was trained, whether the
employee was given incentives to do what the written policy said he would do.

Ladies and gentlemen, as we debate with corporations over how to control the
wayward acts of their criminal defendants, I think in a sense we have merely
formalized the rules of the debate in the guidelines. If you all like to debate
- and I presume that anyone who has obtained a law degree enjoys that to some
extent - let me give you a tip. When you come in to talk to us to say why your
corporation should not be prosecuted, come in with particular evidence that
shows why your compliance policy failed in spite of your best efforts. Let's
not just shout and complain to each other.

Believe it or not, in the generic drug industry many of the firms had written
regulatory policies. Many of them had compliance officers. Some had regulatory
affairs specialists. The policies were not used, were not enforced, were not
trained, were not meaningful. A critical criterion for us and for most, as you
have heard, is: did the corporation come in and blow the whistle and cooperate
before dogs like me were at the door?

Our experience has been that, with but a few exceptions, these violations have
been committed by individuals who were at the highest levels of the corporation.
The experience is not new. Before the guidelines, before the fine provisions
were so markedly increased, we prosecuted United States v. Hyland. The
government proved during an eight-week jury trial that the highest corporate
executives of a manufacturer and distributor of a drug, epherol, that was
unapproved - intended for premature infants - had knowingly and continually
marketed this drug despite reports from doctors that the intravenous drug was
killing some of the premature infants it was given to.

We had a debate with the representatives of the corporation. These were
wholly-owned subsidiaries. They pointed out in the debate that they had
standards of conduct. They pointed out that they had a history of dealing with
the Food and Drug Administration. They pointed out that they had some audit
system at home.

We were able to show in that debate that there were no real standards of
conduct for employees. Employees had never been disciplined. Employees had
never been even trained what those standards were. There had been a long
history of both firms pushing their business close to or over the line where the
regulators drew it. And there was no check and balance system for the marketing
of drugs. There was no particular audit process. It was inadequate.

It had some effect in the industry. We have now seen, for example, that the
Association of Device Manufacturers, medical device manufacturers, has come out
with an association policy that goes through such specifics as - here's a
particular possible violation of the law - failing to perform adequate complaint
and failure investigations, trend analysis, and corrective actions with regard
to your medical device. What is the preventive action? Read the regulatory
requirements in the good manufacturing practice manual of the agency, have
appropriate standard procedures, train employees with each of those procedures,
ensure documentation, allocate resources to prevent backlogs, follow up on
significant product problems. If you do that, how is it going to occur that
somebody is going to do something like put a drug on the market that has been
untested for premature infants?

This is serious stuff. In reviewing the cases over the years - and you've
heard from each of us - the amount of money has increased significantly. The
consequences to the organization are very serious.

The Bard case is an example. Bard paid $30,500,000 in criminal penalties,
$30,500,000 in civil penalties because the product was being paid for out of
CHAMPUS, Medicare, Medicaid funds.

The guidelines didn't apply to that case. It was prior to the guidelines. It
was after the sentencing enhancements. It was a case handled by the United
States Attorney's Office in Boston, and we served in an advisory role. But,
ladies and gentlemen, when the corporate lawyer began to recognize the
possibility of exposure under these guidelines, they wanted to come to
resolution. And the discussion focused on what their policy was. And after the
discussion was over, one of the components of that settlement is a comprehensive
compliance decree that says explicitly what Bard will do in the future to comply
with the law.

Bard is successful. The food and drug firms in this country are some of the
primary exporters of products that we have. It does not mean that if you have
an effective, meaningfully successful compliance program you cannot be
successful. Indeed, if you don't have it, I wonder how you are successful.

I want to add two points, and then I'm going to finish. We, like the
Environmental Crimes Section in the Criminal Division, but unlike Antitrust,
rely on agencies to bring us cases. If you aren't working with the agency on a
regular basis and expect when you come to us to present your corporate
compliance policy as a trump card on everything else, you're kidding yourselves.

By the time that it comes to us, very serious analysis has already gone on.
Your relationship with those agencies with whom you work is critical to success.
If I don't see the case, I can't prosecute it.

Our goal is deterrence. We are responsible for a fairly esoteric group of
prosecutions, and I want to just complete my thoughts here by saying that if you
look over the 50 years in which the Federal Food, Drug, and Cosmetic Act has
been in existence, in which there have been corporate compliance officers, in
which there have been regulatory affairs officers, in which corporations have
been trying to comply with a very strict standard, because you can be convicted
criminally under the Food, Drug, and Cosmetic Act of a misdemeanor on basically
strict liability, and that industry - or those industries, rather, have been
successful. You can be successful, too, and if you don't have a corporate
compliance policy and you come in to see me on behalf of your client's problems,
I'm going to tell you, "I told you so."

QUESTIONS & ANSWERS

COMMISSIONER BUDD: Ladies and gentlemen, we've heard from four excellent
speakers. I'd like to pose one of your questions to each of the speakers. I'm
going to pose this first question to Bob Litt.

Bob, does cooperation under Section 8C2.5(g) require any of the following:
one, mandatory waiver or tolling of the statute of limitations for the conduct
under investigation; two, mandatory waiver of the attorney-client and work
product privileges for information or documents otherwise protected; three,
mandatory curtailment of payments of the attorney's fees for directors,
officers, or employees who invoke their Fifth Amendment rights; four, mandatory
forbearance from the entry of information-sharing confidentiality agreements,
also known as joint defense agreements, with current and former employees and
third parties; and, finally, requiring employees to submit to "Queen For A
Day" interviews, "use immunity" interviews and the like?

Bob, would you care to respond to those?

MR. LITT: Let me just begin quickly by saying that, as to the last point, "requiring
employees to submit" is probably an overstatement of what a prosecutor will
ask. I think a prosecutor will ask you to request your employees to submit, but
I don't think anybody expects you to strap them to a chair and hold klieg lights
over them.

Also, I don't feel that at this stage I can be addressing this question in
terms of what the sentencing guidelines require. I think that is something that
is going to be worked out through the courts. I don't think there's a
sufficient basis yet for assessing that.

I can tell you that from the Criminal Division's point of view in terms of how
we assess a company's cooperation, the answer to all of those can be yes. And I
go back to what I mentioned before. We're looking for a company that comes in
and is committed to cooperating with the government.

From the prosecutor's point of view, if there are people out there who have
committed crimes, a corporation that has one foot with the criminals and one
foot with the government is not cooperating with the government.

COMMISSIONER BUDD: Bob, thank you very much. To Ron Sarachan, under the
Justice policy, is a company barred from consideration for leniency or
non-prosecution if it self-discloses a violation that it was legally required to
report?

MR. SARACHAN: The short answer to that is no. Let me say two things in
explanation. One thing, when you look at our policy, it makes clear that each
of the components is a factor, and they can carry different weight in different
cases. So if you have a company that does everything right - it discloses, it
cooperates fully, it has a compliance program, it corrects - the fact that the
disclosure happened to be mandatory won't mean that it doesn't get
consideration.

The other thing is if you look at the disclosure provision of the policy, it
talks about the quantity and the quality of the disclosure. There can be a big
difference in a mandatory disclosure in which you tell the regulatory agency
about your Clean Water Act discharges in a monthly discharge report versus
coming forward to the government and saying this was not just a fluke, we have a
problem here, this is what we're doing about it. So even in the context of a
mandatory disclosure, there is often a lot more that can go into a voluntary
disclosure.

COMMISSIONER BUDD: Thank you, Ron. To Gary Spratling, if an individual goes
for amnesty before the company, is it possible for the company to come in and
get amnesty as well?

MR. SPRATLING: It's possible. Obviously automatic amnesty would no longer be
available because automatic amnesty is available only when we don't know about
the violation. We know about the violation from the employee.

You still might qualify under alternative amnesty, but remember the two
threshold requirements I mentioned there. Number one, you have to be the first
one in. Assuming the first one in, you now face the major hurdle, which is
whether or not as a result of your employee coming in we already have sufficient
evidence to result in a sustainable conviction against your firm. If your
employee has given us that, then you can't get amnesty. If he hasn't given us
all of that, then you would still be eligible for amnesty. But even if you're
not eligible for amnesty, of course, coming in that early and offering to
cooperate, there are significant other benefits you might obtain.

COMMISSIONER BUDD: Thank you, Gary. A final question for Gene Thirolf. On
page five of your printed material, you say that the proactive operation of drug
firms can serve as a model. Could you elaborate on what you mean as a model for
compliance programs?

MR. THIROLF: I mentioned it in my discussion. The food and drug firms have
been under the responsibility of the highest standards of foresight and
vigilance for 50 years. They have had to come up with what amounts to corporate
compliance policies.

The Health Industry Manufacturers Association here in Washington spent two
years - and I talked at two of their conferences - in trying to develop a set of
recommendations to comply with the obligations of the Medical Device Act and the
FDA regulations. It is very specific, it is very detailed, and it took a long
time and a lot of effort to do it.

I see no reason why other trade associations could not assist in drawing from
the large operations to give to the smaller operations insight into how to have
a very particularly designed compliance program.

QUESTIONS & ANSWERS - WRITTEN

Bob Litt

Q. You mentioned that U.S. Attorney decisions after voluntary disclosure are
centrally reviewed, for consistency. What are the prospects for centralized
review of other types of U.S. Attorney decisions regarding prosecuting
corporations (e.g., compliance program worthiness), especially with
respect to large publicly-held companies?

A. As a model, the Food, Drug and Cosmetics industries have a 50 year history
of compliance with the provisions of the Food, Drug, and Cosmetic laws mandating
"the highest standards of foresight and vigilance" in meeting
statutory requirements. Consider the Health Industry Manufacturer Association,
a trade group for medical device manufacturers. HIMA developed and formulated a
corporate compliance policy for all of its members. As a service, HIMA makes
the policy available and helps firms customize the plan to their needs.

Proposed prosecutions of corporations (but not individuals) who have made
voluntary disclosures under the Department of Defense Voluntary Disclosure
Program are centrally reviewed by the Criminal Division of the Department of
Justice. Requests for review of other decisions to prosecute corporations for
policy reasons may be made to the Criminal Division in matters within the
Division's jurisdiction. However, the primary prosecutive authority rests with
the United States Attorney in the district where the charges are being brought.

Q. Do you see any value in a self-audit privilege?

A. Although the Criminal Division fully supports the use of self-auditing as a
means to obtain compliance with the law, we oppose the creation of evidentiary,
discovery or testimonial privileges for self-audits. Such privileges would
shield criminal misconduct, authorities, and be contrary to the goals of
corporate "good citizenship," i.e., disclosure and
cooperation. It would make enforcement of the law more difficult by interfering
with the ability of law enforcement to obtain evidence relevant to their
investigations and to their ability to quickly ascertain the facts. In
addition, a self-audit privilege undoubtedly would lead to protracted litigation
involving privilege issues, and would be susceptible to abuse. For example,
corporations may claim that normal day-to-day business practices constitute "audits"
in order to avoid disclosure of wrongdoing. Also, the privilege may be invoked
to bar the use of evidence even against rogue employees who engaged in criminal
conduct against company policy.

Q. In light of your remarks about companies needing to turn over reports,
investigation results, etc. - how does a company reconcile this governmental
position with the "promise of confidentiality" "good citizen"
companies make to their employees to encourage internal self-reporting?

A. Most companies today, particularly those that participate in the Department
of Defense's Voluntary Disclosure Program, feel that they are ethically if not
legally obligated to advise their employees that their interviews are being
conducted under the corporation's attorney-client privilege and that the
company, at a later date, may choose to waive that privilege and provide the
employee statements to the government. As a consequence, most employees are
expressly told that this means that the company and the company alone decides
whether to disclose what the employees say.

From the government's standpoint, once a company has provided thorough and
full advice to their employees about their privileges and the possibility of
future disclosures to the government, it ordinarily is in the company's best
interest to waive its privilege and disclose the statements of some or all of
the interviewed employees. As I stated earlier, to gain credit for "god
citizenship," corporations must demonstrate their commitment to compliance
when it's painful as well as when it is easy.

Q. What is DOJ's position with respect to a corporation paying
(advancing/indemnifying) for counsel for an employee who is alleged to have
engaged in wrongdoing?

A. The Department of Justice recognizes that under the corporate laws of the
state of incorporation or in accordance with the corporate by-laws, most
corporations may indemnify or advance fees for corporate officers and employees
accused of wrongdoing, and sometimes are required to do so. In cases where
indemnification or fee advancement is discretionary, the Department would expect
corporate boards of directors to carefully scrutinize such action and to deny
such payments when appropriate. While these decisions should be made by the
corporation's board, and the government does not require that any particular
action be taken, a corporation that seeks the benefit of cooperation with the
government has a burden of showing that it is not providing financial support to
wrongdoers.

Q. Yesterday, a lawyer familiar with the National Medical Enterprises case (in
which your division was involved) criticized the compliance requirements the
government exacted from the company to resolve the case. He said these
requirements might actually undermine the company's development of a corporate
culture supportive of law abidance. How do you know when you exact compliance
requirements in cases like this that the requirements are sound?

A. The compliance program adopted in the National Medical Enterprises (NME)
case resulted from lengthy negotiations between the Department of Health and
Human Services and NME, and was intended to address the specific problems
uncovered during the investigation. We believe that NME would not have agreed
to the terms of this compliance program if it did not believe the program was
appropriate. As a general matter, DOJ is not interested in imposing
unreasonable conditions upon any company. The government and companies share
the common interest of adopting compliance programs that will most reasonably
ensure that the company's future operations are conducted in a fair, ethical and
legal manner. Each case will be examined individually, and compliance programs
will be tailor-made to fit the facts and circumstances. Indeed, in the more
recent settlement involving Caremark, the compliance plan was different from the
NME compliance plan.

Q. To what extent will the government work with the corporation to maintain
confidentiality of sensitive documents while allowing the government to obtain
the information it needs or wants? Has DOJ considered adopting policies that
would enable a "good citizen" corporation to fully cooperate without
the punishment of having sensitive documents become publicly available?

A. It is legally difficult for the government to maintain the confidentiality
of documents provided by a corporation against third parties seeking access to
such information. The current case law clearly suggests that the company waives
privileges such as the attorney-client privilege if disclosure is made as a part
of a voluntary disclosure, although as noted above, grand jury proceedings
themselves are secret. The Department has not considered adopting policies, nor
has it sought legislation, that would provide for a limited waiver.

Q. In law, defendants are presumed innocent until proven guilty. Yet
corporations - to get the credit under the guidelines - must consider their "guilty"
employees as guilty and fire them, rather than defend them. Can you reconcile
this apparent contradiction?

A. We do not view this as a contradiction. As a sound business practice,
corporations should question whether to continue employment relationships with
employees who have knowingly violated company polices, state or federal civil
laws, or who have engaged in criminal conduct. The decision whether to fire or
otherwise discipline errant employees rests within the sole discretion of
corporate management and is based on numerous factors, such as the employee's
position within the company, the duration and impact of improper conduct,
whether company policies are violated and whether the employee has engaged in
other wrongdoing. Under many circumstances, conduct need not even be deemed
criminal to warrant dismissal. While the government generally will view in a
more favorable light those corporations that discipline or terminate employees
who have engaged in criminal activity, the government does not and will not
require that any particular course of action be taken.

Q. Does "full cooperation" mean complete adoption of the Justice
Department position (i.e., full mea culpa) or can a corporation
cooperate fully and still preserve its defenses and those of its employees?

A. There are no Departmental standards governing "full cooperation"
by corporations, and prosecutors will consider each situation on a case-by-case
basis, including the assertion of privileges such as attorney-client and work
product. However, where prosecutors suspect or have evidence that corporations
or their employees are withholding critical evidence, seriously misrepresenting
facts or obstructing the government's inquiry, they will demand more cooperation
from the company. Moreover, "full cooperation" by the corporation
does not mean protecting wrongdoers. If a corporation expects to receive the
benefits of full cooperation, it will be expected to provide full information
about its culpable officers and employees, and take whatever disciplinary action
it deems appropriate.

Q. It is my understanding that at the time of drafting the organizational
guidelines, the Department of Justice was not very supportive of compliance
programs - i.e., DOJ did not think they should get much credit. What
factors have influenced the shift in perception of these programs so that now
DOJ believes there should be a baseline requirement?

A. The Department of Justice has not had a shift in philosophy about
compliance programs. The Department proposed its own organizational sentencing
guidelines to the Sentencing Commission during the development of Chapter Eight.
Our proposal would have provided a significant reduction in the fine for an
offense that "represented an isolated incident of criminal activity that
was committed notwithstanding bona fide policies and programs of the
organization reflecting a substantial effort to prevent conduct of the type that
constituted the offense." Thus, the Department recognized compliance
programs as a basis to reduce fines. However, under the Department's proposal,
the reduction could have been given only if the offense was an "isolated
incident of criminal activity" committed despite the compliance program.
We did not want to give credit to a program that repeatedly failed to do its
job. There has not been a shift in this philosophy. If a program repeatedly
fails to do its job, we would have to question whether it constitutes an "effective
program to prevent and detect violations of law" within the meaning of
Section 8A1.2.

Q. Please comment on Bill Lytton's comment regarding the inherent conflict
between qui tam actions and internal compliance programs. Specifically,
individual greed versus sponsoring a corporate culture of good citizenship. Why
not require notice to a company with a legitimate compliance program before an
employee is permitted to file a qui tam action?

A. Notwithstanding the existence of a compliance program, for various reasons
employees may have little confidence that their allegations of wrongdoing will
be taken seriously and may believe that they will be disclosed in due course to
the government. There may be legitimate fears that going to the company before
reporting the fraud to the government may lead to destruction of documents and
suppression of relevant evidence. Thus, a requirement that employees report to
the company in all cases could well discourage employees from coming forward at
all.

Moreover, Congress amended and liberalized the qui tam provisions to
provide monetary incentives and other protections from retaliation or other
employment discrimination to those who have information about fraud against the
government. Requiring a plaintiff to first report allegations to the
corporation before he or she is permitted to file a qui tam action
creates the very disincentives that the Act was intended to eliminate; that
requirement exposes the employee to possible retaliation from the employer for
reporting the fraud, and thus discourages employees from coming forward with the
information. By allowing the employee to file suit under seal and allow the
government to undertake an investigation, the employee's allegations can be made
without the fear of recrimination. However well-intentioned a corporate
compliance program, certainly the perception of some employees in the corporate
world is that allegations may not be taken seriously or pursued in an
appropriate fashion if they must be given first to the corporation.

All Panel Members

Q. There have been a number of high profile cases in which DOJ has announced a
decision not to prosecute a corporation because of its compliance efforts (e.g.,
Salomon Brothers, Sega Corporation in New York). Have there been cases in which
DOJ has announced a decision
to prosecute a high profile corporation because of non-compliance with
the guidelines? Would this encourage compliance in the corporate community
generally?

A. (Robert Litt) Prosecutive decisions are based on a variety of factors. We
do not base decisions not to prosecute solely on a company's compliance program;
rather, the existence of a compliance program is one factor to take into account
in a prosecutive decision. Similarly, decisions to prosecute a corporation are
not based solely on the failure of compliance programs, but that is a factor
that can be considered.

Q. What is the process for determining the culpability score in both consent
decrees as well as in those matters that go to trial? For example, who
determines whether or not the organization had an "effective program?"
Is there a standard form that is used by the court or an agency that
mechanically calculates the score?

A. (Robert Litt) The sentencing court determines the culpability score, after
consideration of evidence concerning the company's compliance program presented
by the government and the corporation. A company may want to enter into
stipulations with the government concerning factual matters about its compliance
programs and policies. Compliance programs will be the subject of intense
scrutiny by the government during the criminal investigation. The government
will ask the necessary questions to satisfy itself that the program is not
merely a "paper program."

Q. Would you subpoena (or seek voluntary disclosure of) any corporate
compliance program from a target corporation before entering into plea
negotiations?

A. (Robert Litt) We would expect corporations to voluntarily provide us with
their written compliance programs if we have reached the stage of plea
negotiations, and it probably would be in the company's interest to demonstrate
the existence and effectiveness of their programs. In our experience,
information concerning corporate compliance programs generally is made available
to the government.

COMMISSIONER MICHAEL S. GELACAK: It is my pleasure to introduce today's
keynote speaker. He is a distinguished member of the bar and a force in the
financial services marketplace. Our speaker today is a graduate of the
University of Pennsylvania's Wharton School, as well as New York University's
Law School. He is a former Assistant United States Attorney in the Criminal
Division for the Southern District of New York. He has served as the New York
regional administrator for the Securities and Exchange Commission. And he was
appointed by President Reagan to the Board of Directors for the Securities
Investors Protection Corporation. He is a past Chairman of the Board of
Governors of the National Association of Securities Dealers and is now a member
of the Board of Directors of the New York Stock Exchange.

He is presently the Vice Chairman of the Board of Merrill Lynch & Company,
Incorporated, and Chairman of the Board of its broker-dealer subsidiary, Merrill
Lynch, Pierce, Fenner and Smith.

MR. HAMMERMAN: Thank you very much, Mike. I am truly honored to have been
asked to participate in this important program, and I got a piece of the program
today. I was trying to get into the morning session, but it was standing room
only and you couldn't get past the door, which is a compliment to Mike and Win
who have put this program together.

When one reads the press, it appears that crime is rampant in the corporate
world and that it is a new phenomenon. First, I do not believe that crime is
rampant. I think that most people and most corporations are law-abiding and try
to do the right thing. Second, what we read about is not a new phenomenon. The
fact is that if crime were new, we would not have the Ten Commandments. We'd
have the Ten Suggestions. But the fact that wrongdoing might have existed since
Adam and Eve does not make it of less concern.

Regardless of what industry one is in, and no matter how good a reputation for
integrity one might have, any attack on a corporation's integrity will result in
the loss of confidence on the part of its important constituencies. For
example, we have in the United States the strongest capital markets in the
world. This is because our markets have integrity. Any hint that our markets
lack integrity will result in a lack of confidence which will diminish our
effectiveness as a nation. This is also true of any business. Before the
sentencing guidelines were even thought about, we in the securities business had
an expression that good compliance is good business.

We are, I dare say, in the securities business the most regulated industry in
the world. We are regulated by the SEC, by the United States Attorney's
Offices, by the states' attorney generals offices, securities commissioners,
self-regulators like the New York Stock Exchange, and the NASD.

However, you could wipe away all this regulation and still be left with one
principal regulator: the corporation itself. Any corporation that doesn't
believe that it is its own chief regulator will not remain in business. There
should be a race to the top and not to the bottom when it comes to compliance
standards. Perhaps this is what Judge Stanley Sporkin expressed as the "do
the right thing" principle. A race to the basement when it comes to
compliance might provide corporations with some short-term monetary savings and
gains; however, history has taught that in the long run it is doomed for
failure.

Just read Burning Down the House, which is the fall of E.F. Hutton in
our business, or Serpent on the Rock, a book which just came out about
how a limited partnership scandal cost a company almost $2 billion.

Statements of principle like "good compliance is good business" have
been proven to be true and are very important to help guide decisions made in
the corporate world. I believe that it is very important for a good corporate
culture to have established principles which are conveyed to employees, clients,
and others by saying these are the principles we believe in and any deviation
from these principles is not to be tolerated.

Now, having principles is important, but I think they have to be established
in the context of a true story. This man was riding a Rolls Royce over a
mountaintop, and all of a sudden the Rolls Royce hit a rock, and the Rolls Royce
went over the mountain. And as the Rolls Royce was going down with the driver
in it, the front door by the driver's side opened up, and the man miraculously
fell out of the Rolls Royce. And as the Rolls Royce crashed to the bottom, the
man grabbed onto a branch, and holding onto that branch, he looked up to the
sky, and he said, "Lord, save me." And a voice boomed down and said, "Save
you? Why should I save you? You're a bum." And he says, "Lord, save
me. I won't be a bum." He says, "No, you don't take care of your
wife; you don't take care of your children." He says, "Lord, you save
me, and I'll be the best husband and father that they can ever find." He
says, "I have no reason to save you," the Lord said, "because you
give no charity. You're a wealthy man." He says, "Lord, I'll give
all my money away to charity. Just save me."

The voice came down again, he said, "I can save you, but you have no
faith. I have no reason to save you." And he looked up and he said, "Lord,
save me. I have faith." And a voice came down and said, "You have
faith?" The man said, "Yes." He says, "If you have faith,
let go of the branch." And the man looked up and he said, "Are you
crazy?"

Now, that is a true story - it was true because it was in the press.

That true story illustrates the difference between words and actions. Now,
the philosophy of any corporation should be that no one's personal bottom line
is more important than the reputation of the corporation. All of us in
management are responsible for making certain that at our institutions actions
speak louder than words.

Any impairment of our reputation results in a direct negative impact to our
bottom line and the price of our stock. There is no way we can reach the
corporate goals that carry out the strategies if our reputation for integrity is
tarnished.

It is to be expected that in any organization, whether it be the corporate
world or in government agencies, there will be some individuals who will violate
policies and rules. However, how our clients, our fellow employees,
shareholders, and regulators will view our behavior in the corporate world
depends upon two things:

First, did we create a working environment that told people and taught people
that at our company we do not tolerate violative behavior? Because if we create
an environment where we say the rights words but we permit the wrong actions, we
have a problem. If we create an environment where the penalty for a violation
depends on whether or not the person is a big or small producer, we have a
problem.

The second important criteria by which we are judged is how we handle a
problem once it is discovered. If a problem comes to our attention, we must act
on it, no matter who the individual is that is involved, whether it is the
chairman of the board or whether it is a clerk in one of the functioning areas
of the firm. A problem handled at an early stage may be a little difficult to
swallow, but if you cover up the problem, well, when that problem surfaces - and
it will surface - that problem becomes indigestible.

Management in business must set the tone every day for how our people should
behave. Even allowing an employee to exaggerate or lie when it comes to travel
and expense reports, or misuse cab services, only lets the individual mistakenly
believe that rules exist only to be broken. You know, it would be like being at
home and lecturing to your child about not stealing from the candy store while
you're driving off with a towel that you just took from the Hilton Hotel.
You've got to be consistent. You cannot be inconsistent.

I think the same is true of our responsibility regarding employees whose
personal traits can affect our clients and our business. It is our business if
someone dealing with our clients has a gambling addiction. It is our business
if someone dealing with our clients has a drug addiction. These problems we
must deal with. They cannot be buried.

You know, in business we have what's called ROE, return on equity, which
determines our financial success as a corporation and in many ways the price of
our stock. ROE, return on equity. But I believe there's also an ROI, a return
on integrity. Perhaps we cannot calculate a return on integrity, but let
integrity slip and take second place to revenue, then it will cost us more than
the dollars. The cost would be fatal. In fact, increasing our return on
integrity will almost guarantee without question increasing our return on
equity.

Now, how does a corporation make certain that its ROI, that is, return on
integrity, keeps improving? Is it sentencing guidelines? Is it more rules or
standards? No. What is important is that an environment for doing the right
thing exists, and it must start at the top. It sounds obvious. It sounds like
a cliche. But it's true. If true, you ask, why isn't it working?

Well, it is working, but it needs help once in a while. This help comes in
the form of a strong and effective legal and compliance department in a
corporation. The foundation of an effective legal and compliance effort is
formed by where or whom the counsel reports to. Where an individual reports
reverberates throughout an organization.

For best results, it is my view that reporting to the CEO, the chief executive
officer, lets everyone know the importance of the legal and compliance function
within the organization. But where an individual reports is only part of the
solution. Whether the general counsel or compliance person is an activist or
passivist is critical to the success of a corporation.

I think that the regulators of the '90s are looking at the '80s and are
convinced that many of the ethical problems of the last decade have occurred in
part because lawyers, both inside and out, and compliance people may not have
done the right thing when the opportunity presented itself.

Now, having the job of general counsel or compliance officer is not an easy
task. We know that. And we also know that the most difficult time to get
people's attention to compliance is when business is very good or when business
is very bad. When business is very good, people don't have patience for the
impediments we want to impose. When business is very poor, the business people
don't have the stomach for our impediments.

The signals of the struggle of the people in the compliance area appears in
phrases such as, "You're killing my business. The other Brand X firms let
the people do it"; or "If we don't do this type of business, we might
as well be out of business"; or "Thanks for the advice, but it's a
business decision to hire the bum or sell the product."

When these phrases start to appear, get ready because my 30 years of
experience in this business tells me that the following happens: one, the other
firm generally does not do it, including Brand X; two, you're better off being
out of business than being indicted when in it; and, three, it's not a business
unit's decision to destroy or even harm the reputation of our firms.

We as general counsel have a dilemma. Do we pigeon-hole ourselves and our
responsibilities so that we limit ourselves to advice that, if not followed, we
memorialize in a memorandum to show we oppose certain action? Or do we insist
upon being more of an activist and participate in preventing harm to our firms?

Whatever role we choose to take will depend upon many things, depending upon
the company we're in. But let me suggest to you, if something goes wrong,
someone, despite your memo, will insist that you should have been more of an
activist. We have to do our jobs right because we're going to be responsible
anyway.

By the way, I said that the general counsel should participate in correcting
the wrong. It is the highest executive for the business unit who bears the
primary responsibility for taking compliance action and to react if one of their
people does not adhere to good compliance standards. It is the job of the
general counsel or compliance officer to convince him or her of what is the
right action. Get the business executive to sign and send the memos on dealing
with compliance matters.

For example, in our business, it should be the executive vice president in
charge of investment banking that signs the memo cautioning against the misuse
of inside information. It is the business executive who pays the salaries and
the bonus, not the general counsel. General counsels do not have to live under
the edict, "publish or perish." It's the executives at the top level
who must believe law, and compliance must have immediate access to them. If
it's a public company, there is an audit committee of the board, and access to
that committee is also vital.

The top executives must show every level of a firm that good compliance is
good business. As lawyers, we should share with the business executives early
and realistically problems as they arise. Do not be afraid of the CEO who
doesn't like bad news. Teach him to swallow slowly. If you don't, you will, I
am afraid, become the scapegoat.

The efforts of the general counsel to push for strong compliance efforts
should never cease. Sometimes you have to push harder, although you have the
feeling no one appreciates you. And if I may, just talking about appreciation
and swallowing slowly, it reminds me of the story of the man who walks into a
restaurant, and he sees another gentleman choking on a bone. And he walks over.
This man is near death. And he walks over to him and says, "Take it easy,
sir. I'm a doctor. Let me assist you." And he takes a fork and he bends
the fork, puts it down the throat, and he pulls out the bone. He saves the
man's life.

The man, after gasping a little while, says, "Sir, thank you very much.
You saved my life. I must pay you for this service." He says, "Don't
be silly. It was just fate that brought me into this restaurant. You don't
have to pay me." The man insisted, "I'll pay you." He kept
insisting, "I must pay you."

Finally, the doctor said to him, "I'll tell you what. If you have to pay
me, why don't you pay me what you would have paid me when the bone was still in
your throat."

So all of you folks who are working in corporations understand. Believe me,
there will be plenty of bones to pull out.

As I said earlier, any corporation will have problems. A corporation should
be judged by how it handles that problem. Some actions by individuals have
clear-cut responses; others do not. To avoid being second-guessed by regulators
and to guarantee a fair approach in handling problems, I recommend the formation
of what we call a review committee.

In our company, our review committee is made up of the experienced folks in
the legal and compliance areas who review the facts and circumstances of an
apparent violation. After a full review, they sit with the business executives
of the area involved and recommend action to be taken. If agreement on the
action to be taken is not reached, the matter is elevated up the line. If the
review committee and the highest level manager still cannot agree, the matter
then comes to the executive vice president of that business unit and to me for
decision.

We have had the review committee in place since 1985. The review committee,
by the way, is not permitted, other than the person who has done the
investigation, to know the production of the individual that they're reviewing.
They must look at only the facts and not whether or not the person is a big or
small producer. But since 1985, although we've had this review committee that
has heard hundreds and hundreds of matters, only five matters have been sent up
for review to an executive vice president or myself.

This is the result, I believe, of the culture being understood by the managers
throughout the organization. And in our business we must report problems to the
regulators. We don't have the luxury, as some, to sort of cover it up. So
every time we've taken any discipline internally or there is a problem, we must
on a form report it to the New York Stock Exchange or the NASD so it gets
elevated. And I would say that in the ten years we've had this in place, not
one instance has ever occurred where a regulator has in any way disagreed with
the findings of the review committee and the business group. It works.

I'm a strong believer in an effective hotline. We have had a hotline in
effect years before the sentencing guidelines. Yes, there are serious concerns
and dangers that accompany a hotline. These should not be underestimated.
However, a hotline controlled by professionals who are experienced in dealing
with people and problems and are concerned with people's rights as well as
protection for the corporation is a very effective compliance tool. It is
effective not only because it gives employees a place to reveal possible
wrongdoing, but it gives employees an opportunity to vent frustration about
corporate policy. We take our general counsel's hotline very seriously. People
know that, and that's why it works.

But to have an effective compliance program, there must be a consistent and
sincere effort at education. Senior people in the organization should
participate in these education programs, and executives should constantly refer
to ethical standards while talking about the need for revenues. That's a very
important point I personally believe; that as we talk to our various people in
the business units about why we need greater production here or why we need to
go ahead and increase productivity over here, we must always build into that -
and the senior business people do - that that has to be done ethically and
meeting the philosophies of the firm with its high standards. Just talking
about revenues by itself gives a misleading impression that the corporation only
wants to generate revenues any way that it can get it.

Memos are okay in education, but eyeball-to-eyeball contact is the best way to
communicate compliance principles. Follow it up by real action when a problem
arises.

One of the areas where questions have been raised is whether or not
compensation practices create inherent conflicts of interest that result in
violation of the law. In our industry, this topic was addressed in 1994 by a
broad-based committee on compensation practices, which was formed at the request
of the Chairman of the SEC, Arthur Levin. The committee found that although the
existing commission-based compensation system works remarkably well for the vast
majority of investors, the prevailing compensation system inevitably leads to
conflicts of interest among parties involved. However, organization culture,
the committee found, is probably the most effective tool for creating the best
atmosphere that reduces the potential harm stemming from conflicts of interest.
The kind of culture which is created when senior managers articulate high
standards and communicate them through their own behavior and the administration
of firm-wide policies is necessary to mitigate against conflicts of interest.

The committee also found that having a strong compliance department is
essential for making certain that effective, preventive steps are taken to
ensure that the client's interests come first. It is also clear that
compensation plans that encourage appropriate supervision and behavior by
managers are vital to controlling conflicts of interest. A significant portion
of a manager's compensation should depend upon his or her compliance record.
Financial incentives can and should be used to encourage proper supervision by
managers.

It is also important to test one's compliance program on a periodic basis.
Stale compliance programs are not effective and can, in fact, be detrimental to
a showing of trying to create a good compliance environment. If you're an
industry like ours where new products can be developed in the amount of time it
takes to take a shower, that new product or business should not commence until
compliance has developed standards and procedures to detect possible problems.

Let me say that under the heading of there's always somebody out there who
thinks that the glass is half full, I recently read that there is concern that
industry officials comparing notes on how to fight corporate misconduct could
amount to collusion among companies to lower standards. Nonsense. I have found
that after being in the securities business since 1968 that one of the most
effective ways to enhance and sharpen one's compliance programs is to share
programs, information, and problems with other firms. I do not believe there is
competition when it comes to compliance.

As I said earlier, there should be a race to the top and not to the bottom
when it comes to compliance standards. I have never seen or observed a race to
the bottom in the securities industry. The Securities Industry Association,
which holds seminars and workshops which have become such a significant success,
always worked toward the goal of high standards. Anyone with an attitude that
lowers standards in compliance as the way to do business has a short career.

So, yes, let's get together and talk. Competitors and regulators should share
their views and experiences to help make our compliance programs the best in the
world, because that's where our competition is today - the world.

Before I close, let me say that government policies like the sentencing
guidelines should favor corporate compliance efforts, not to wake up
corporations but because it's fair. It's comforting to know that if a
corporation does face sentencing, it has something to mitigate its hurt.
However, what concerns me - and I was interested to hear Bob Litt's comments
this morning - is that if a corporation's compliance effort is sufficient to
mitigate sentencing, it should never have been indicted in the first place. The
mere threat of an indictment or leak of an investigation will today cause a
corporation to lose its clients, its creditors, and its employees. Sometimes
there is not sufficient sensitivity or knowledge on the part of the government
of the consequences of an indictment of a corporation. Sometimes it takes too
long to end the government investigation and give the corporation a clean bill
of health. Investigations that linger are like black clouds hovering overhead,
ready to rain disaster.

In fact, the sentencing guidelines have given some U.S. Attorney's Offices the
opportunity to say, okay, we will not criminally indict you, but we want X
millions in a civil settlement for this privilege, as if reading a headline in a
newspaper that X corporation paid a $20 million fine is not damaging. It is
extremely damaging.

I strongly urge government agencies, when considering vicarious liability, to
understand the corporation and the efforts it has made to be a good corporation
citizen and understand the corporation's business in the context of a violation
while reviewing the facts before indictment and at an early stage of
investigation.

We all know what the law is, but if a corporation has created the right
environment and has lived by its philosophy of doing business the right way, it
should not be subject to attack because some individuals violated the law. I
believe that the long-term senior management attitudes transcend economic
conditions and dramatic events such as major litigation or regulatory actions in
determining a firm's commitment of resources towards good compliance and,
accordingly, long-term success.

Senior management's belief and emphasis on return on integrity will guarantee
that good compliance filters throughout an organization. Today, good compliance
is not just good business, it is vital to stay in business. Thank you all very
much.

MR. SWENSON: With the new emphasis on corporate compliance efforts, some
compliance practitioners are arguing that this is a classic case of no good deed
goes unpunished. The better a company is at critiquing its own compliance
practices, the argument goes, the more vividly the company draws a road map to
its own liability.

The argument has certainly found receptive ears in state legislatures where a
number of states have enacted statutory privilege laws, and I guess the question
is: "Does the argument have merit? And if so, how should the problem be
addressed?"

This afternoon we have two views that we are going to present. We will hear
first from Commissioner Michael Goldsmith, whom you have already met, one of the
organizers of this conference. Commissioner Goldsmith is certainly someone
about whom you can say he has had varied experiences.

He served as counsel to the New York State Organized Crime Task Force, as
Assistant U.S. Attorney in Philadelphia, and as senior staff counsel to the
House Select Committee on Assassinations. He currently teaches law at Brigham
Young University where he specializes in, among other subjects, privilege and
evidentiary law. He will offer some commentary on existing law in this
increasingly important area. Commissioner Goldsmith?

COMMISSIONER GOLDSMITH: Thank you, Win. My topic this afternoon is concerned
with the question of disclosure and, more specifically, under what
circumstances, if any, might compliance practices be subject to mandated
disclosure in the courts. The reason that my colleagues assigned me this
particular task, I think, is because they candidly acknowledge that there is no
answer to that question.

You've heard a lot at this point, I suppose, about the carrot and stick
philosophy underlying the sentencing guidelines. The stick, of course, is the
very severe fines that apply in the context of the organizational guidelines.
When an organization violates the law, the fine range is based upon the
seriousness of the offense and the organization's culpability. Typically, what
that means is that the greater culpability score, the more that you pay by way
of a fine.

The carrot, by comparison, is achieved by creating an effective incentive for
corporations to follow; more specifically, if corporations establish an
effective program to prevent and detect violations of the law, then an
organization may reduce its potential fine substantially if a criminal violation
occurs.

However, the compliance practices contemplated by the guidelines pose
disclosure and liability risks. The rest of my remarks are basically a long
footnote to this statement. By way of example, two recent cases:

One is a case entitled Slender v. Lucky Stores back in 1992, which
held that corporate compliance programs are subject to discovery. In the Lucky
Stores case, the company had received numerous complaints of alleged gender
discrimination. In response, they instituted an affirmative action program and
held training sessions designed to instruct managers on how to implement the
affirmative action program. The managers also met on several occasions to
review, comment upon, and modify the program. Well, in a subsequent sexual
discrimination lawsuit, the court held that the plaintiff was entitled to obtain
documents pertaining to this program.

Another case involved the Coors Brewing Company. Coors had conducted an
extensive internal study, which revealed excessive emissions of volatile organic
compounds. Notwithstanding the fact that such emissions were previously unknown
both to major breweries and to regulators, the voluntary disclosure of its study
by Coors ultimately resulted in a fine of $1.05 million. (This was not a fine
under the guidelines, but a fine imposed by the regulators.)

These two decisions occurred at a time when many corporations had, in fact,
begun to institute compliance programs designed to identify and redress
potential wrongdoing. Though such programs were obviously crucial to
management, such audits oftentimes produced highly incriminating materials.
Once these materials come to the attention of corporate officers and counsel,
the guidelines in effect require the company to consider the agonizing question
of whether to disclose this evidence to federal government prosecutors.

When you address that issue, there are a number of broad considerations that
come to mind. Of course, there is the carrot, the incentive offered to you by
the guidelines themselves. The fact of disclosure will allow you to obtain a
better culpability score. Disclosure also avoids the potential risk that you
will subsequently be accused of obstruction of justice and thereby incur an
enhancement under the guidelines for obstructing justice.

Resolution of this issue, standing alone, is tough enough, but you have
further complications because disclosure may cause other litigants to bring an
action against you. Thus, even if the government chooses ultimately not to
prosecute, or even if you get the benefit of a reduced culpability score, all of
a sudden you may face a third-party lawsuit, either by a private litigant or by
another governmental entity, a state regulatory agency, for example.

Moreover, if you choose not to disclose, there may not be any adequate legal
basis to withhold such information from criminal investigators. Because this
uncertainty hampers the effectiveness of any compliance program, it potentially
undermines the incentive-based organizational sentencing guidelines.

(Incidentally, even though I'm going to be addressing the guidelines in this
context and the issue of disclosure and disclosure risks, I want to emphasize
that I'm speaking to you here today in my capacity, I suppose, as a law
professor and, further, in my capacity as a Commissioner, but that my views in
terms of the legal analysis here don't reflect the position of the Sentencing
Commission per se. They reflect my own views, and I don't want to be
binding the Commission by virtue of whatever this academic presents to you.)

Let's talk a little bit about creating a compliance program under the
guidelines. Chapter Eight of the guidelines, of course, governs the sentencing
of organizations for felony and class A misdemeanor offenses. The guidelines
further set forth requirements for an effective program to prevent and detect
violations of the law.

Generally, an effective compliance program must prevent and detect criminal
conduct. However, the failure to detect criminal conduct does not automatically
make the program ineffective. Rather, the hallmark of an effective program is
that the organization exercise due diligence in seeking to prevent and detect
criminal conduct by its employees and other agents.

Due diligence essentially requires the following: that the company establish
compliance standards and procedures reasonably capable of reducing criminal
conduct; that the company communicate the standards and procedures to all
employees through training programs or publications that describe the practical
application of the standards; that the company conduct audits designed to detect
criminal conduct; that the company consistently enforce the standards through
disciplinary mechanisms; and, finally, that the company take all reasonable
steps to respond appropriately to the offense and to prevent further similar
offenses, including making any necessary modifications to its compliance
program.

The problem that you folks face is: how does one create and conduct an
effective compliance program without producing a smoking gun for opponents to
use in future litigation.

As Joe Murphy may discuss with you, at least in part, in his presentation
later this afternoon, how do you avoid getting beaten with carrots or forced to
eat the sticks that underlie the guidelines system?

Let's talk a little bit about how materials might be protected under a variety
of sources of law. First of all, the law of privileges. Privileges, as you
folks will recall, at least those of you who took the basic course in evidence,
are typically disfavored. They are disfavored because they serve to keep out
highly relevant information. For the most part, the courts will construe the
law of privileges narrowly and will recognize a privilege only when it is
clearly warranted.

Now, there are a variety of reasons for this, but in part you can all thank
Richard Nixon for that proposition, because the Supreme Court in U.S. v.
Nixon established the principle or at least recognized once again the
proposition that the government is entitled to every person's evidence. In that
light, a privilege will typically be construed quite narrowly.

Now, the privilege that most obviously comes to mind in this context is the
attorney-client privilege, which protects confidential communications between an
attorney and client. Ordinarily, the law requires four factors to be present
before the privilege will be recognized:

the privilege holder must, in fact, be the client or someone seeking to become
a client;

the communication must be with a licensed attorney who is acting as a legal
counselor;

the communication must be confidential;

and it must relate to the rendition of professional legal services.

Now, these requirements trigger a variety of potential obstacles in our
immediate setting. For example, as a practical matter, attorneys oftentimes
lack the skills to conduct a proper investigation. This is especially the case
where the corporation or collective entity is somehow involved in highly
technical work. Lawyers don't always have the scientific background or the
mathematical or technical background to understand the everyday functions of an
organization's activities. Consequently, oftentimes you will need a trained
person, someone trained in the particular workings of the corporation's affairs
rather than legal matters, to conduct this investigation. Oftentimes, as a
result, many compliance programs do not involve attorneys.

Furthermore, if the attorney is viewed as acting as a business advisor rather
than as a legal counselor, the privilege will not apply.

In addition, because of conflicting case law, under the attorney-client
privilege, management cannot be assured that its discussions of problems or
remedies in the presence of other employees will be protected. As a result,
management might not be able to advise employees about the results of internal
audits, nor can these results be used in training materials for employees
without the risk of waiver. Unfortunately, however, the guidelines at least
implicitly seem to require such disclosure in order for employees to be
effectively trained. Thus, the attorney-client privilege is an imperfect tool
in this context.

What about the work product doctrine, which protects the opinions or mental
impressions of attorneys in connection with litigation? That is a potential
shield from disclosure, but the difficulty is that oftentimes compliance
programs are not done in connection with immediate litigation. Indeed, the very
purpose of the compliance program is to avoid litigation. Consequently, the
work product doctrine may not be applicable.

Now, another speaker earlier in the program made reference to an ombudsman's
privilege, which a few courts have recognized. However, that privilege is not
widely recognized, at least not in the reported cases; and even where it has
been accepted, it won't cover those situations where the compliance officer is
not serving as an ombudsman.

I suppose the best potential gap-filler in this context is what has come to be
known as the self-evaluative privilege. To promote corporate audits, some
courts have begun to fill the gap in privilege doctrine by recognizing a
self-evaluative privilege which protects audits and other materials from
discovery when public policy outweighs the judicial system's need for access to
that information. This evaluative privilege is designed to encourage
self-analysis and self-criticism by a corporation.

Unlike the attorney-client privilege, the self-evaluative privilege does not
require attorney involvement or any intention to engage in litigation. This
privilege has evolved in the federal courts in part because Rule 501 of the
Rules of Evidence allows the federal courts to create, in effect, a federal
common law of privilege. The drafters of the federal rules anticipated a fluid
set of privileges that would evolve over time in response to changing
circumstances.

Even before the adoption of the federal rules, at least one federal court
recognized at least a qualified self-evaluative privilege. The case, of course,
is in the materials, and it's called Bredice v. Doctors Hospital.
Sometime in the late 1960s, Doctors Hospital experienced what has become known
in the trade as a "therapeutic misadventure." Of course, that means
the patient died. And upon the death of the patient, the hospital established a
committee to review hospital procedures and to improve patient care.

In a subsequent malpractice action, a plaintiff requested all minutes,
reports, and data concerning the patient's death. The court, in response,
recognized a qualified privilege to protect that committee's minutes and reports
from discovery. The court found that three elements must exist to sustain this
privilege: first, the information must result from a critical self-analysis;
second, the free flow of this information must advance some public interest; and
disclosure must curtail the free flow of this type of information.

Based upon the Bredice doctrine, subsequent federal courts in a
variety of contexts have recognized a limited self-evaluative privilege. Now, I
say it's limited because it may be overcome on occasion by a showing of need.
This type of privilege has been recognized, for example, in the context of
medical peer review committees, railroad safety investigations, tenure
decisions, and related situations.

The difficulty, however, is that the application in the courts has been
uneven. Some courts have held that these materials must be prepared for a
mandatory purpose, meaning, in other words, that the government has mandated the
compliance program or preparation of the materials at issue. But there is a
conflict of authority as to whether the compliance program must, in fact, be
mandated.

Other courts have said that this type of privilege exists only if the program
is a voluntary one. And, of course, what about the sentencing guidelines, which
do not mandate these compliance programs, but give due credit for their
existence?

Further, some courts have said that this material is limited to subjective,
evaluative information generated internally. This creates problems defining
what constitutes subjective data and purely evaluative data. And how do you
deal with a situation in which you have a report that contains both subjective
and objective material?

Some courts have further limited this privilege by holding that it is limited
to situations involving public health or safety. Finally, others have said that
under no circumstances will they recognize this type of a privilege when it is
being asserted in response to a subpoena issued by a federal agency; and in my
mind, by implication, in response to a subpoena issued by a grand jury.

As a result, we have a situation in which some courts have recognized the
privilege, others have not, and inevitably we have a situation in which the
outcome is going to be uncertain.

What is the best response to this situation? Well, in part, I can tell you
that there are bills pending before Congress, at least in the environmental
context, to enact legislation that will establish a limited self-evaluative
privilege. On the state level, a number of states have likewise begun to
consider this issue. But, again, keep in mind that even if the states are
successful, a state privilege, while valid under state law, would not ordinarily
be valid in response to a subpoena issued by a federal agency. Consequently,
state legislative relief will not be fully comprehensive for your purposes.

What do you as counsel do under these circumstances? Well, I think that what
you've got to do, I suppose, is engage in the intolerable labor of thought. You
need to figure out a solution. In part, I think what you've got to do is make
the argument that the attorney-client privilege applies as broadly as is
possible. In a situation, for example, when you have not engaged in the
communication with the employee, but someone has acted for you, make sure that
you have taken the proper steps to designate that interviewer as your agent so
that that individual would fit within the umbrella of the attorney-client
privilege.

Second, make sure that you are stressing the confidentiality of the
communications at all times.

And, third, go back to the law books and re-read the Supreme Court's decision
in Upjohn v. U.S. (1981). It will provide you with a lot of very
useful text for two reasons: first, it will help you argue that the
attorney-client privilege deserves to be broadly applied; and, second, the Upjohn
decision, at least from a policy standpoint, provides good arguments in support
of the adoption of the self-evaluative privilege.

The Upjohn case involved an internal investigation by Upjohn
concerned with whether any of its employees had violated the Foreign Corrupt
Practices Act by making improper payments to foreign officials. Its attorneys
prepared a questionnaire for area managers, asking them to provide full
information concerning questionable payments. The managers complied, and as a
result of the investigation, the company filed a report with the SEC and the
IRS.

Consequently, as soon as the IRS got this report, it issued a summons to the
company seeking access to all the underlying questionnaires as well as all
interview notes with company employees.

The company asserted the attorney-client privilege. The Court of Appeals
eventually rejected the privilege, reasoning that the privilege did not apply to
the extent that the communications were made by employees who were not
responsible for directing Upjohn's actions in response to legal advice.
Establishing, in other words, a control group test as a means of limiting the
attorney-client privilege.

The Supreme Court rejected this control group test and, in doing so, broadly
endorsed the principles underlying the attorney-client privilege. The court
said that this privilege is the oldest privilege in our law. In a corporate
context, furthermore, frequently the employees with the critical information
will be beyond the so-called control group. We don't want to force a Hobson's
choice upon counsel. Specifically, if counsel interviews employees outside the
control group, the privilege will not be recognized. On the other hand, if
counsel chooses not to interview those individuals, counsel will not get full
information necessary to render complete advice to the company.

As a result, the court said that the narrow scope afforded the privilege by
the control group test "threatens to limit the valuable efforts of
corporate counsel to ensure their client's compliance with the law." The
court also observed that corporations, unlike most individuals, constantly go to
lawyers to find out how to obey the law, particularly since compliance with the
law in this area is hardly an instinctive matter. That's still true under the
sentencing guidelines. No one has told me that the guidelines have made law any
easier to apply. Not yet, anyway.

Finally, the court said that an uncertain privilege or one which purports to
be certain but results in widely varying applications is little better than no
privilege at all. On that basis, the court rejected the control group test,
applied a broader analysis for trying to define the circumstances under which
the privilege ought to be recognized, and protected the communications. The
point here is that the Upjohn case, carefully analyzed by you, will
provide you with a basis both for arguing that the attorney-client privilege
ought to be broadly recognized in this context, and it gives you guidance also
as to how to set up your own internal compliance program in a manner that
conforms to Upjohn. Beyond that, Upjohn identifies the types of
policy considerations that you can use in trying to assert the self-evaluative
privilege by way of defense in this context.

Ultimately, however, I think the solution here is a legislative one. We need
for Congress to adopt the right type of a privilege that will provide you with
certainty in this context. Absent such a solution, the compliance initiative
undertaken by the sentencing guidelines may never achieve its full potential.
Thank you very much.

Creating a Compliance Program Under the United States Sentencing
Guidelines.

Chapter Eight of the Sentencing Guidelines governs the sentencing of
organizations for felony and Class A misdemeanor offenses. United States
Sentencing Commission, Sentencing Guidelines Manual 8A1.1 (1994) [hereinafter
U.S.S.G.].

A "carrot and stick" philosophy underlies the guidelines. See
Oversight on the U.S. Sentencing Commission and Guidelines for Organizational
Sanctions: Hearings Before the Subcommittee on Criminal Justice of the House
Committee on the Judiciary, 101st Cong., 2d Sess. 189 (1990).

The Stick.

When an organization violates the law, the fine range is based on the
seriousness of the offense and the organization's culpability. "The
seriousness of the offense generally will be reflected by the highest of the
pecuniary gain, the pecuniary loss, or the amount in the guideline offense level
fine table." U.S.S.G., Ch. 8, intro. comment.

The Carrot.

By creating and implementing an "effective program to prevent and
detect violations of law," an organization may reduce its fine if a
criminal violation occurs. U.S.S.G. 8C2.5(f); Winthrop M. Swenson & Nolan
E. Clark, The New Federal Sentencing Guidelines: Three Keys to Understanding
the Credit for Compliance Programs, 1 Corp. Conduct Q. 1 (1991).

Requirements for an "effective program to prevent and detect
violations of law" as defined by the guidelines:

However, failure to prevent or detect criminal conduct does not
automatically make the program ineffective. "The hallmark of an effective
program to prevent and detect violations of the law is that the organization
exercised due diligence in seeking to prevent and detect criminal conduct by its
employees and other agents."
Id.

Communicate the standards and procedures to all employees through training
programs or publications that describe the practical application of the
standards, id. 8A1.2, comment. (n.3(k)(4));

Conduct audits designed to detect criminal conduct, monitor employees, and
utilize a reporting system through which employees can report criminal conduct
within the organization without fear of retribution, id. 8A1.2, comment.
(n.3(k)(5));

Privileges are often narrowly construed and may be invoked only when
clearly warranted. SeeUnited States v. Nixon, 418 U.S. 683,
710 (1974); 8 John H. Wigmore, Wigmore on Evidence 2291 (McNaughton rev. ed.
1964).

Traditional common-law privileges.

Privilege against self-incrimination.

Prohibits a person from "being compelled in any criminal case to be a
witness against himself." U.S. Const. amend. V.

Problem: The United States Supreme Court ruled that this privilege is
inapplicable to organizations. E.g., United States v. White, 322 U.S.
694 (1944); Hale v. Henkel, 201 U.S. 43 (1906).

Attorney-client privilege.

Protects confidential communication between an attorney and a client. See
Upjohn Co. v. United States, 449 U.S. 383 (1981).

Typically requires four factors:

The privilege holder must be a client or someone seeking to become a
client;

The communication must be with a licensed attorney who is acting as a legal
counselor;

The communication must be confidential;

The communication must relate to the rendition of professional legal
services to the client.

Problem: Many compliance programs do not involve attorneys or confidential
requests for legal advice. In addition, under the attorney client privilege
management cannot candidly address problems or remedies in the presence of other
employees.

Problem: Many compliance programs are not conducted in connection with
litigation.

The self-evaluative privilege.

The self-evaluative privilege protects audit and other evaluative materials
from discovery when public policy outweighs the judicial system's need for
access to the information. The doctrine is designed to encourage corporations
to engage in confidential self-analysis and self-criticism. See Granger v.
National R.R. Passenger Corp., 116 F.R.D. 507, 508 (E.D. Pa. 1987).

Unlike the attorney-client privilege or the work product doctrine, the
self-evaluative privilege does not require attorney involvement or an intention
to engage in litigation.

Upon the death of a patient, Doctors Hospital established a committee to
review hospital procedure and improve patient care. In a subsequent malpractice
action, plaintiff requested all minutes, reports, and memoranda concerning the
patient's death.

The court recognized a qualified privilege that protected the committee's
minutes and reports from discovery. Three elements must exist to sustain this
privilege:

The privileged information must result from a critical self-analysis;

The free flow of this type of information must advance some public
interest; and

Absence of confidentiality must curtail the free flow of this type of
information.

Eight years later, in Webb v. Westinghouse Elec. Corp., 81 F.R.D.
431 (E.D. Pa. 1978), the federal district court for the Eastern District of
Pennsylvania delineated three different elements for the privilege:

The materials must be prepared for a mandatory government report;

The materials must be subjective and evaluative; and

Proponent must show that the public policy favoring the privilege "clearly
outweighs" the need for disclosure.

Courts continue to limit the privilege. For example:

The privilege will not apply if the organization voluntarily discloses the
material to a regulatory agency, see, e.g., In reSubpoena Duces
Tecum, 738 F.2d 1367, 1375 (D.C. Cir. 1984);

Some courts decline to recognize the privilege if the material is requested
by a regulatory agency under a subpoena, see Federal Trade Comm'n v. TRW,
Inc., 628 F.2d 207, 210 (D.C. Cir. 1980) (holding the self-evaluative
privilege inapplicable to subpoenaed information); and

Some courts hold that evaluative material will only be protected when it
involves public health or safety. See, e.g., Mergentime Corp. v. Washington
Metro. Area Transp. Auth., No. 89-1055, 1991 U.S. Dist. LEXIS 11080 (D.D.C.
Aug. 6, 1991) (declining to recognize privilege for this reason).

The self-evaluative privilege's protection is unnecessarily duplicative of
other incentives that promote corporate self-regulatory conduct, such as federal
regulatory requirements or industry standards.

The Environmental Protection Agency recently announced that it will not
treat corporate environmental audits as privileged business information.

The Securities and Exchange Commission does not recognize a privilege for
audit or other evaluative documents, although it will enter into limited waiver
agreements to protect such documents from civil discovery.

Proponents of self-evaluative privilege legislation point to the following
policies:

Corporations are more likely to conduct voluntary self-evaluative
investigations if the materials will be protected from private-party discovery;

Although all privileges increase the cost and burden to the opposing party,
granting a self-evaluative privilege will not increase the cost of discovery
enough to overcome the need for the privilege, see 8 John H. Wigmore,
Wigmore on Evidence 2291 (McNaughton rev. ed. 1964) (privileges are "an
obstacle to the investigation of truth"); Robert J. Bush, Comment, Stimulating
Corporate Self-Regulation--The Corporate Self-Evaluative Privilege: Paradigmatic
Preferentialism or Pragmatic Panacea, 87 Nw. U. L. Rev. 597, 635-37 (1993);

The privilege merely preserves the status quo. It essentially
leaves litigants where they would have been if the corporation had conducted no
evaluation, see Joseph E. Murphy, The Self-Evaluative Privilege,
7 J. Corp. L. 489, 496 (1982);

Empirical evidence indicates that attorneys and corporations are more
willing to perform investigations if they believe that their work will be
protected from discovery, see Vincent C. Alexander, The Corporate
Attorney-Client Privilege: A Study of the Participants, 63 St. John's L.
Rev. 191, 260-61 (1989).

Approximately one-third of the states have enacted an environmental audit
statute, and many legislatures have environmental audit legislation pending.
See Barry Goode et al.,
The Environmental Self-Audit Privilege, Preventive Law Reporter 36
(Summer 1995).

Under most of these statutes, when an organization conducts an audit to
determine whether it complies with environmental laws, all information and
reports produced in that audit are protected from discovery in any civil,
criminal, or administrative proceeding.

These statutes also require corporations to remedy violations discovered
during environmental audits.

In its recently enacted statute, Kansas is the first state to require that
the company maintain an effective program to prevent and detect violations of
law before environmental audit information may be protected. See 1995
Kan. Sess. Laws 204 (S.B. 76).

Comparison of the common-law self-evaluative privilege and state statutes.

While many courts only protect subjective evaluations from discovery, state
self-evaluative privilege statutes generally protect all information from all
parties, including the government.

Under most state statutes, the privilege can only be waived intentionally.

State statutes often assess heavy penalties to persons who distribute
privileged materials to third parties.

Kansas recently enacted a self-evaluative privilege statute that requires a
compliance program to be in place before information will be protected. 1995
Kan. Sess. Laws 204 (S.B. 76).

Conclusion.

THE COLORADO EXPERIENCE

MR. SWENSON: Our second presenter is Patricia Bangert. Ms. Bangert is Deputy
Attorney General for Natural Resources for the State of Colorado. In this role,
she oversees legal issues arising from the administration of Colorado's
environmental laws, and her topic today is a Colorado statute that one might
call ground-breaking. It was the first state statute that, under some
circumstances, permits companies the privilege and immunity from liability for
auditing and voluntary disclosure.

MS. BANGERT: Actually, I'm here with a partial answer to the disclosure
problem, and specifically, in Colorado, it's Senate Bill 139. What Senate Bill
139 does in Colorado in the environmental area - and everything that I'm going
to say is limited to the environmental area - is to do two general things:
first is to give a privilege to audits, to self-evaluative reviews that
companies voluntarily do in administrative, civil, and criminal contexts; and,
secondly, to go a step further than many of the other laws, other state laws,
and give a disclosure immunity, and the disclosure immunity is given to a
company that does a voluntary audit and finds a violation, discloses that
violation, and corrects the violation.

That's in general what the law does. Let me go into some specifics. One
thing I need to tell you first. This is an experiment. This is in the best
methods of states acting as laboratories for democracy, and that is, this law
begins in June of 1994 and ends in July of 1999. It is a five-year experiment
in audit privilege and disclosure immunity.

Specifically, as I said, it provides a privilege for environmental audits in
administrative and judicial actions, and those are actions brought by the
government or actions brought by third parties. There are a number of
exceptions to that privilege, though, that I have to point out.

One is it's not applicable if it's waived. Two, it's not applicable if a
court finds that the audit revealed violations which were not corrected. And we
think that this is really a major part of the law and a major selling point of
the law, and that is, that in order to get the privilege, companies must correct
any violations that they find in the course of the audit.

Third, if a court finds that an audit is done or was done for a fraudulent
purpose or to avoid discovery of a violation in an ongoing or imminent
investigation, the privilege will not apply. The privilege will also be
inapplicable if a court finds that there are compelling circumstances that would
require disclosure. I know that is an exception that might swallow the rule,
depending on how the courts define "compelling circumstances."
Unfortunately, we don't have a track record on that yet.

Also, the privilege will not apply if a court finds that there is some danger
to health or environment outside of the facility that would require the findings
in the audit to be made public.

Also, I have to point out that the privilege doesn't apply to documents that
are required to be reported to a government agency or documents that existed
before or after the audit. That's the privilege with all of its many
exceptions.

Turning to the disclosure immunity, what the law does, what S.B. 139 does, is
to say that companies that do an audit, discover a violation, promptly report
that violation, and correct the violation have immunity from administrative,
civil, and criminal negligence penalties and fines. An important thing to point
out is this does not preclude an agency from bringing injunctive or seeking
injunctive relief, and that is, an agency could still issue a corrective action
order under RCRA.

The disclosure immunity also does not apply to bad actors, and that's a
provision that's worded in a fairly clumsy manner, but for the most part applies
to people who have had multiple environmental violations over the past three
years.

That's the Colorado statute in a nutshell. What I want to turn to next is how
it has worked over the past year, since June of 1994. I would have to preface
this by saying everyone has pretty much walked on eggshells. Everyone wants
this to work. We've had about six instances in which companies have come into
the Department of Health, the regulatory agency in this case, and have asked for
disclosure immunity. We don't have any instances yet involving the privilege
aspect. I guess the issues there would arise if we, the government, would go in
and want information that was otherwise privileged under the statute. We
haven't had any experience with that yet.

In the disclosure immunity area, the process generally works as follows. A
company will send a letter to the Department of Health outlining in very general
terms a violation and asking for immunity. The company will then meet with the
Department of Health, who will ask for additional information about the
violation and about the correction of the violation. At that point there will
be some settled-upon method of correction, some path established toward
compliance. It may be that the violation is fairly minor and it's already been
corrected. Maybe it's a permit problem, operating without a permit. It may be
a more complicated violation.

At that point, the Department of Health would likely put the company on some
sort of a compliance schedule, either through a compliance order or some sort of
a settlement agreement.

Expanding beyond Colorado, as I think the Commissioner said, 14 other states
have audit

privilege bills. They may or may not also have disclosure immunity. Many
other legislatures - I think I heard 23 not too long ago - are considering such
legislation. We think that this is a very good sign that other states are
considering or have enacted such legislation. The problem for you is you have a
lot of different types of legislation out there, and that obviously creates
problems for companies that are operating in different jurisdictions.

For example, you may be operating in one jurisdiction that has disclosure
immunity and another that just has a privilege, or that has nothing whatsoever.
Consistency between state laws is something yet to be achieved.

The other thing I'd want to mention in stark contrast to the states is the
federal government position, and I assume you've heard a little bit about this.
The federal government does not recognize the privilege officially and does not
grant disclosure immunity. In the environmental area, this was vividly
emphasized in EPA's interim draft policy on self-evaluations.

In that draft policy, which was released just a couple months ago, EPA said it
does not recognize the privilege for audits; however, it will not routinely go
after audits to trigger an investigation.

Secondly, it is not going to grant disclosure immunity, but as a policy it
will reduce certain parts of the penalty in cases where a company has done an
audit, disclosed violations, and corrected those violations. Again, this is a
matter of policy. There was a long disclaimer at the end of their policy saying
maybe we will, maybe we won't. This is just a policy.

Today, I heard an EPA speaker in another conference say they're thinking about
trying to make this a little more firm, a little more certain. However, he is
not making any promises. The thing that struck us in the EPA policy was that it
came out very strongly against state laws that had privileges and immunities.
They said they didn't like us very much. What was even worse, because we don't
really care whether EPA likes us very much, is the fact that EPA said they're
going to scrutinize enforcement more closely in those states with audit
privilege laws.

What that has the potential to do is to pretty much scuttle state laws.
Here's the scenario. You come to us. You say, I violated the Clean Air Act; my
emissions are higher than my permit allows. We say, "Fine, correct the
violation, and go on your merry way."

Unfortunately, staff so far - and this hasn't gotten up to the highest levels
of the state, staff so far has interpreted the law as saying the following: "When
you come in to give us the information and you get the disclosure immunity, the
information you provide us is a public record." That causes a major
problem, because if EPA wants that information, it can get the information. If
EPA will not give a similar type of immunity, then the company is on the hook,
at least for EPA. At the same time, it is off the hook for the state.

There are federal legislative efforts to try to correct that problem, and the
Commissioner alluded to them. There is a bill in the House, 1047, and a bill in
the Senate, 582, both sponsored by Colorado folks, that would create a privilege
for environmental audits in any federal proceeding, and both bills would afford
broad immunity from administrative, civil, and they may be read to say all
criminal enforcement actions of any sort when a company finds a violation,
discloses it, and corrects it.

The states are a little concerned about the bill or some states are a little
concerned about the federal legislation because they see it as trampling on
states rights. Like pretty much every issue within the environmental audit
area, disclosure immunity area, this is one of great controversy and great
uncertainty for the future.

QUESTIONS & ANSWERS

MR. SWENSON: Do you think that attempts to apply the attorney-client
privilege to compliance and audit information will impede the effectiveness of a
compliance program because of an attorney's inclination to control information
and perhaps to impede corrective measures needed for unfavorable audit results?
Do attorneys get in the way of the process, I guess?

COMMISSIONER GOLDSMITH: I think that risk always exists, but in the end it's
not ordinarily counsel's job to make these decisions. Counsel's job is to give
the client advice, and then the client, the corporation itself and its officers,
will be making this decision.

Beyond that, I think that oftentimes within this context the advice, frankly,
will be to make a disclosure or to cooperate, precisely because of the carrot
and stick approach adopted by the guidelines. The penalties are so severe, the
downside risks are so heavy, that by a comparison the benefits of disclosure are
many. And, indeed, it seems to me that in the situation in which you have made
a full disclosure and attempted to rectify the problem and you've cooperated
with the government, you have at least a decent argument to present to the
Justice Department that the case ought not be prosecuted. The fines have been
paid or full restitution has been made. Consequently, a criminal prosecution is
not necessarily in order. So obviously the more you have done, the better off
you are in terms of being able to make that argument.

MR. SWENSON: What do you think the public policy limits are on a
self-evaluative privilege? That's an open-ended question but a pretty good one.

MS. BANGERT: In Colorado, we tried to strike a delicate balance between going
after the bad actor and giving companies incentives to do self-reviews, find
problems, and correct them. That's why we have so many exceptions to the rules.

The statute was a compromise after all parties had sat down to talk, and those
included environmental interests, district attorneys, companies, and others, and
state regulatory officials. I guess that we think that we have pretty much
taken care of the public policy issues through the way the bill has been
crafted. But, granted, there is always an issue of whether you're letting too
many bad actors off the hook while still trying to create the incentive.

QUESTIONS & ANSWERS - WRITTEN

Michael Goldsmith

Q. What is the practical value (in the criminal context) of a privilege which
must be waived if the prosecutor is demanding cooperation?

A. Even if a corporation eventually chooses to disclose its audit
materials to the prosecutor, it still enjoys advantages unavailable to a
non-auditing corporation. For example, an audit helps a corporation to better
assess its potential criminal or civil liability, determine available legal
defenses, and make knowledgeable legal and business decisions. As a result, an
auditing corporation will usually better know the strength of the government's
case, and can fight or settle accordingly.

An audit may also assist the corporation to avoid indictment. A
comprehensive audit can help the corporation avoid a government investigation,
and will often give the corporation more control over such an investigation if
it occurs. Furthermore, if the corporation cannot successfully settle the
dispute, the audit materials may enable the corporation to respond appropriately
to the allegations of wrongdoing. Information gained from the audit can also
help the corporation prepare its public relations campaign.

Finally, many cases do not involve government demands for disclosure. Absent
such demands, the privilege serves to protect against disclosure to third
parties in civil litigation (e.g., private plaintiffs, state regulators,
etc.)

Q. The Department of Justice (DOJ) presentations this morning, and to some
extent the sentencing guidelines, focus on cooperation and disclosure. How do
the various privileges fit into this setting? (DOJ staff seemed to be saying
they want all information, including privileged information, or else you get no
credit for the compliance program.)

A. See answer to above question.

Q. Do you think that attempts to apply the attorney/client privilege to
compliance and audit information will impede the effectiveness of a program -
because attorneys' inclination to control information will impede corrective
measures needed after unfavorable audit results?

A. Not necessarily. Depending upon the scope of the self-evaluative
privilege, the attorney may not have any incentive to "control"
information. Indeed, the privilege might be formulated to discourage such tight
control by counsel.

Q. Could a strong self-evaluative privilege frustrate prosecutors sufficiently
well to make compliance efforts unnecessary?

A. Any privilege can be made sufficiently strong to frustrate prosecutors,
regulators, and the courts. It is unlikely, however, that Congress will enact
self-evaluative privilege legislation that frustrates prosecutors to the
detriment of compliance efforts. Federal legislation will probably resemble
recent state environmental self-evaluative privileges, which provide protection
only if the corporation meets a number of conditions. These conditions require
corporations to conduct ongoing compliance audits that detect potential problems
promptly. In some states, corporations must also repair the damage caused by
the illegal activity before asserting the privilege; if the government demands
production of audit materials before the corporation remedies the damage and
becomes eligible for the privilege, the corporation may not rely upon the
privilege. Additionally, environmental audit privileges limit their protection
to the corporation's audit materials; any information obtained by the government
independently of the corporate audit are still admissible. Accordingly, the
audit privilege operates akin to the federal use immunity statute, which permits
prosecutions based on evidence independent of a witness's immunized testimony
(under the Fifth Amendment privilege against self-incrimination).

Q. If a quality assurance review of an organization's ethical and legal
compliance processes is performed by an outside consultant or auditor, would
reported findings and recommendations be "privileged communications"
between client and service provider? (e.g., like the auditor/client
privilege)

A. The answer to this question would depend upon the scope of the
self-evaluative privilege that is ultimately enacted. In most cases, however,
an auditor's report and recommendations should be researched and prepared at the
direction of corporate counsel, thus invoking the attorney/client privilege.

MR. SWENSON: The presentations up to now, especially the ones that we have
heard today, have raised an important question. If strengthening the good
citizen corporation is a desirable goal of law enforcement efforts, how should
government best go about trying to achieve this goal?

Our next two speakers are especially well qualified to discuss this topic.
The Environmental Protection Agency has recently developed a range of new
policies aimed at strengthening good corporate citizenship in the environmental
arena. These policies include a new environmental leadership program and,
although it attracted some criticism just a few moments ago, a March 31, 1995,
interim policy on self-policing and voluntary disclosure.

Steven A. Herman is the Assistant Administrator for Enforcement and Compliance
Assurance, which really makes him the top enforcement official, at the
Environmental Protection Agency, and he has been responsible for overseeing the
development of these new policies. I think whatever you think about the March
31 disclosure policy and whether it has gone far enough or needs to go further,
I think there really can be little doubt that EPA has been doing some very
interesting, innovative thinking in the area of what government's role should be
in strengthening the good citizen corporation.

MR. HERMAN: Good afternoon. It is a pleasure for me to be here at this
session on "In Search of the Government's Ideal Role in Fostering 'Good
Corporate Citizenship'." I want to first thank Win and the Sentencing
Commission for the work they have done on both the review we've done on our
auditing policy and on numerous other issues. The work has been extremely
constructive, and you've been a wonderful colleague to have, and we appreciate
it very much.

I want to use this opportunity to discuss the many changes that are occurring
throughout the Agency, and most importantly, focus on the Office of Enforcement
and Compliance Assurance (OECA). I believe that many of the actions and new
policies we have undertaken provide incentives for encouraging the good
corporate citizen and protect the public from those who are not so good, or are
in fact bad.

I also cannot appear here without acknowledging that our progress and
accomplishments are jeopardized by the budget cuts proposed for EPA in the House
Bill. The reductions are 35 percent for the agency and 50 percent for
enforcement. A cut of 50 percent is designed to wreck the environmental
enforcement program. It presents a danger not only to the public but also to
law-abiding companies. Polluters, those who cut corners and break the law, will
gain at the expense of good corporate citizens if there is no enforcement
program.

Enforcement of environmental laws is not an end in itself; achieving
compliance which protects human health and the environment is the end.
Enforcement serves this goal in several ways: 1) it deters bad behavior; 2) it
levels the playing field; 3) it ensures polluters do not profit; and 4) it
punishes wrongdoers.

This Administration, this agency and its enforcement and compliance assurance
program, recognized early on that we must move forward - strengthen our current
programs and make changes where they are necessary. The initiatives and
policies that I will discuss this afternoon present the regulated community, and
small business in particular, with tremendous opportunities to improve the way
in which they operate and relate to the agency.

Many of these initiatives, policies, and projects that the agency and my
office are adopting involve risks to all interested parties. Change always
involves risk. This risk should not be borne solely by the public. It must be
shared by the government and the regulated community. The potential
environmental and health benefits are great, and everyone stands to gain from
these changes - but the public cannot bear the full brunt of these risks and
different parties must be held accountable for their actions. These two factors
- shared risk and accountability - represent the principles of fairness and
responsibility underlying what we're doing.

The regulated community, and the EPA, must make these changes together if we
are all to reap the many benefits of new approaches to environmental protection.
This requires a fundamental level of trust and cooperation not heretofore
achieved. This will not be easy but we must make the effort.

Reorganization

As I noted earlier, this Administration has been committed from the outset to
change the manner in which the agency carries out its business. The first
concrete manifestation of this commitment is embodied in the reorganization that
created the Office of Enforcement and Compliance Assurance just over a year ago.

This reorganization is the realization of Administrator Browner's vision of
enforcement as encompassing a spectrum of tools to assure compliance - from
offering compliance assistance on the one hand, to seeking a criminal indictment
on the other. It is our task to use the appropriate response and tool at the
appropriate time. We recognize that our actions must be selective and
discriminating.

It is important to recognize that OECA is not built upon an either/or
principle when it comes to enforcement and compliance assurance. The solution
to the problems of non-compliance - which we all face - can only be found when
enforcement and compliance efforts work in tandem. It is this symbiotic
relationship which allows us to be flexible and discriminating in our response
when appropriate, yet firm when it comes to those companies that show a
disregard for our laws, and the safety and health of our people and our
environment. With this reorganization under our belt, we have moved quickly to
embrace opportunities to improve compliance with our environmental laws.
Several new policies serve to highlight some of these new directions.

Audit policy

On March 30th, I was very pleased to sign the interim agency policy on
incentives for voluntary self-evaluation, disclosure, and correction. With an
appropriate and voluntary self-audit, and disclosure, and prompt correction of
any violations discovered, a company can expect the elimination of the entire
punitive portion of any penalty. The goal of the policy is simple: we want to
promote self-monitoring, self-disclosure, and self-correction by everyone in the
regulated community. It is good corporate citizenship, and its focus is on
results - more compliance and a cleaner environment.

We recognize that we cannot achieve full compliance without the cooperation of
a regulated community willing to act responsibly by self-detecting, correcting,
and preventing violations. The basic conditions set forth in the policy reward
responsible corporate behavior; such companies should expect better treatment
from the government than those who take no responsibility for their actions or
violations. If you audit, disclose, correct, we will completely waive the
gravity component of the penalty. We will reserve the right to collect any
substantial economic benefit of a violation, as recommended by the Compliance
Management Policy Group, which represents the oil, chemical and paper industries
(the most heavily regulated). We also will not guarantee a penalty waiver if
there is serious actual harm, a pattern of violations, imminent and substantial
endangerment, or criminal conduct by the corporation or its employees.

I want to underscore that this new policy provides significant incentives for
self-evaluation, disclosure, and correction, without the inherent secrecy and
potential for litigation which is a part of any statutory or policy privilege.

The new policy is fair and provides opportunities for the agency and the
regulated community to work together to ensure compliance. This is a
partnership that can only thrive when communication is open and frank. The idea
of a privilege, which we rejected in the course of our extensive reassessment,
yields suspicion and mistrust among all the players, including the public,
without any added benefits. We continue to work on the policy: the public
comment period ended June 30, the agency expects the final policy to be issued
in October.

We also recognize that this will not be enough. Thus we will also maintain
strong traditional enforcement. Federal laws and regulations set minimum
standards for protecting human health and achieving environmental protection
goals such as clean air and clean water. We will continue to uphold these laws
through tough civil and criminal enforcement actions that appropriately penalize
violators and require the adoption of better environmental practices.

Interim Policy On Compliance Incentives For Small Business

Another policy that embodies the same basic principles behind our
self-disclosure and correction policy is an outgrowth of the Clean Air Act
Section 507 enforcement policy which was implemented a year ago. Section 507 of
the Clean Air Act requires each state to establish a small business assistance
program, designed to help small businesses meet their obligations under the law.
In response to concerns expressed by many states that small businesses would
not seek assistance if violations discovered during their participation resulted
in enforcement actions, EPA issued its section 507 enforcement response policy.

Building upon the success of this policy, in June, we issued the Interim
Policy on Compliance Incentives For Small Businesses which expands the
principles in the section 507 policy to small businesses that operate in other
media besides air. The concept is simple: small businesses that act in good
faith to comply, ask the right questions regarding their own facilities and
operations, and make the necessary changes and fixes if violations are
discovered, will not be penalized.

The substantial benefits from this policy depend upon the regulated
community's behavior. Everyone has a responsibility to comply with the law.
Either through seeking and obtaining compliance assistance from a
government-supported program, or through conducting a thorough evaluation of
their own environmental practices, it is their responsibility to ensure they are
operating in compliance. This policy provides substantial incentives to do just
that, by eliminating any penalty under certain conditions, and focusing instead
on the prompt correction of a violation. The Administration is committed to
working with small businesses to improve the environment and the health of our
people, and this policy demonstrates that.

Environmental Leadership Program

Related to these policies, is our Environmental Leadership Program (ELP),
which was announced on April 7th. This program is piloting new ways to ensure
multi-media compliance, third-party audits, and getting communities working with
local industry to achieve environmental goals. As the Administrator said when
she announced this program, these pilots will "demonstrate that
environmental violations need not be simply an accepted cost of doing business.
Pollution is not the price of progress. We can protect public health, protect
our environment, and do it using common-sense and cost-effectiveness."

Finding better ways to ensure compliance, and prevent pollution in the first
place, benefits everyone - businesses, municipalities, and of course, the
public. Many of the pilots involve the sharing of information between the ELP
participants and other businesses. One pilot in particular (Ocean State Power,
in Rhode Island) is developing a mentor program, which identifies large
companies that can assist smaller businesses with environmental, health, and
safety issues.

Compliance Assistance Service Centers

Another example of how our Office intends to use compliance assistance
techniques to ensure compliance is through the development of Compliance
Assistance Service Centers - serving four specific industry sectors heavily
populated with small businesses. The agency has already entered into a
cooperative agreement with the National Institute of Standards and Technology
(NIST) to develop a National Metal Finishing Resource Center. We plan to launch
at least one more center this year, most likely for the printing sector.

These multi-media, sector-oriented Assistance Centers would provide a base for
"one stop shopping" for its targeted sector - one place to get
comprehensive, easy to understand information on all regulatory requirements
affecting the industry. In addition, technical assistance and training would be
available on applicable treatment technologies to help minimize waste
production, maximize pollution prevention technologies, and increase overall
market competition.

This is one way in which we are fulfilling our responsibility to you. We will
help you understand the rules, and provide assistance where we can, but the
responsibility to comply is yours. This feeds into an overarching theme of
enforcement and compliance at the agency - we will make sure that information
about compliance requirements is made available, but the regulated community,
must take full advantage of these opportunities to expand their knowledge, and
ensure their own compliance.

Conclusion

These policies illustrate how the agency has taken the initiative to have a
solid and strong enforcement program that serves the public, including the good
corporate citizen.

EPA's enforcement and compliance assurance program will continue to move
forward, and ensure that regulations are understood, complied with, and that no
one gains a competitive advantage by violating them. The new policies and
programs at the agency are tremendous opportunities for the agency to improve
its own operations, for the regulated community to improve its relationships
with the public, the government, and the environment, and for the public to be
assured that we are doing the maximum to protect its health and environment.

You can be certain that the agency as a whole is committed to implementing
these new initiatives and policies because they make good sense for everyone.
They fit hand-in-glove with our mission to protect the nation's environment and
the health of our people. For this reason, the future of environmental
protection and regulation depends, in large part, upon our successes with these
new approaches today and in the months and years ahead. Thank you.

"BEATING THEM WITH CARROTS AND FEEDING THEM STICKS"

MR. SWENSON: Our next speaker is Joseph E. Murphy, who is Senior Attorney at
Bell Atlantic where he specializes in compliance issues. Joe's voluminous
writings on compliance issues have particularly focused on the theme of this
segment, finding government's ideal role in fostering good corporate
citizenship. He's the author and editor of several books - and those books'
names are in the program - that explore this theme, and he's also the editor of
Corporate Conduct Quarterly, which is an excellent journal dealing with
compliance issues particularly. Because I really want to find out what he means
by "beating them with carrots and feeding them with sticks," I'll be
quiet and introduce Joe Murphy.

MR. MURPHY: I'd like to start by thanking the Commission for asking me to
join in this excellent program, and I also want to thank and acknowledge the
many familiar faces I see in the audience, people who have been my partners in
the field of compliance; and, of course, especially my co-authors, Win Swenson
and Jeff Kaplan, and one who is not here today, Jay Sigler of Rutgers
University.

I also want to express my admiration for all of you who believe enough in this
effort to be here today. And, of course, I should note that the views I express
are my own, not necessarily those of any organization that I'm associated with.

There was a point that Senator Kennedy made yesterday that I thought was a
good one and that I hope we can follow up on, and that was the need for people
in government to learn more about compliance and ethics programs. I think the
more knowledge there is in that sector, the more acceptance and support there
will be for these efforts in organizations.

I think my title today may need some explanation - "Beating Them With
Carrots and Feeding Them Sticks." We've all heard the sentencing
guidelines described as using the carrot and stick. The idea is to reward good
acts and to punish the bad. But, in fact, we may be somewhat off the mark.
Companies today that take aggressive ethics and compliance steps run high risks
of being beaten with their own acts, beaten with the carrots that were supposed
to lure them to do good things. Moreover, what is offered as a reward may not
really be a carrot. Instead of offering real incentives, for the most part we
are only shortening the stick that will be used against companies.

When I look at the legal landscape, I see a system that seems designed to make
the Sentencing Commission's bold experiment in promoting self-policing fail
unless we take some determined steps to change it. To explain this, I'm going
to show you what the future will look like through three reports from tomorrow's
newspapers. I will talk about the need to move to a true carrot and stick and
what that means, and I will touch on what happens inside the corporation when it
comes to compliance efforts and why we need to change the approach.

In your materials are the three newspaper articles from the future. These are
all make-believe facts. The stories are not true - yet.

The first story is the businessperson's nightmare to illustrate why we have
trouble making more progress than we have already. I'm going to go through
these a little quickly. The material is in the book. In this case, Synergy
Company, known for its strong compliance program, gets nailed even though it
entered into a voluntary self-disclosure.

The details of its own program are used against it, and the prosecutor just
shrugs off the importance of the compliance program. And, of course, one of all
of our great fears, he nails the company on a technical defect. If there's a
manager with 220 employees reporting to him who's involved, you don't get the
credit.

Of course, immediately, the piling on begins with the state attorney general,
and competitors learn the obvious lesson. They discontinue this type of "foolish"
activity. Who loses in this scenario? Those who want their companies to do the
right thing, all those who are affected when a company does wrong, and in the
long term, even those in enforcement who take short-term advantage of compliance
efforts. Fear can paralyze the development of effective and aggressive
compliance efforts. If this story does, in fact, appear in tomorrow's
newspapers, people like me who believe in this work will be kicked out the door
and replaced with people who know how to litigate and stonewall.

But we in business fool ourselves if we think this is the full story. There
is also the prosecutor's nightmare. We need to understand this to see why
government hesitates to do more to encourage and recognize compliance efforts.
In this story, a congressional committee is investigating prosecutors who were
hoodwinked by a sham program.

The protagonist here, Fasttech, has its lawyers fool the prosecutors with the
clever use of privilege and immunity protections and the guidelines standards.
I know this is Steve Herman's nightmare. In fact, the compliance program was a
meaningless charade. And, of course, others in industry were quick to learn
from this maneuver.

I think both sides are capable of gaming the system. Either way, the same
people lose: those in government who believe in the value of self-policing and
those in industry who want to see this work.

The third story is about an interactive compliance system that I think follows
the real logic of the sentencing guidelines. Skysoft Services has just
received national recognition for its compliance program.

The compliance officer, the CFO, explains that the company started with the
guidelines, but then used management techniques to go from there. Compliance
was part of appraisals and objectives. Managers and work units competed for
recognition. Managers at every level of the company see this as everyday
business. This program had, in fact, started as a legal insurance policy.

But it took off when government offered real incentives and started a
competition for best in class. And one particular point here, because of
compliance audit protections, audit reports that had previously been kept secret
were now posted at the working facilities.

This is a story of how both sides can win and how we can get there, through a
form of social compact between business and government. It calls for a positive
role for government. Government must recognize the value of compliance efforts.
It needs to make a commitment and reward those who take the risk of
implementing effective ethics and compliance programs. To give this effort
life, we need to use incentives that introduce competition. The desire to win
and to achieve is a far stronger motivator than the criminal justice system's
only weapon - fear.

What's wrong with what we do now? Our current model may seem designed to get
companies to undertake self-policing. EPA talks about the value of
environmental audits. The guidelines talk about effective programs to prevent
violations. They say they are offering carrots. But are the carrots really
bait for a trap? Are they just going to use those carrots to beat us over the
head?

Let's look at what happens to a company that thinks these are real carrots and
bites in. On the left are some things associated with compliance; on the right
are some things that the legal system may do to these. For example, in one
case, a company imposed a code of conduct. The National Labor Relations Board
felt that this was an unfair labor practice. In the Lucky Stores case that
Commissioner Goldsmith mentioned, people took notes in a discrimination seminar.
In fact, the notes were their observations of examples of improper conduct in
the workplace. One of the employees took notes and kept them. The court viewed
those notes as appropriate smoking guns for the plaintiffs, not only allowed
them into evidence but noted those very notes as a basis for punitive damages
against the company. Is there a lesson there?

Similarly, one of the earlier speakers referenced the newspaper article about
industry practice forums. This is something I participate in, I believe in, but
it has been described as potentially involving collusion. And on
self-disclosure, there is the example of the Coors case, a company that found
its own problems and voluntarily reported them, only to be met by state
enforcement action and the imposition of civil penalties. And the other items
have similar histories.

I always think of the old saying, " Fool me once, shame on you; fool me
twice, shame on me." Once government and the legal system beat a few
companies like this, everybody gets the message. But there's a simple lesson
here. The government should not exploit companies' compliance efforts against
them, and they should not hold companies' compliance and ethics efforts to
standards that no one could meet.

The first change needed is to complete what the Sentencing Commission started
and shorten the stick for those who undertake rigorous compliance programs.
Here are some of the primary examples. Sentence mitigation, of course, is a
useful step. It has gotten people's attention. But things like the Colorado
statute providing for immunity, privilege protection for compliance-oriented
activities, including audits, ombudspersons, training, other areas, and removing
the penalty provision from companies that have serious efforts in this area.
These are critically important steps, but we need to recognize what they are
not. They are not carrots.

Now, although I work in a city, I grew up in farm country. And we learned the
difference between carrots and sticks. A stick is a hard thing that you beat
people with. A carrot is a tasty thing that you want to eat. But on the list
you see here, there are no pleasant things. There's nothing I would run to get
to put on my plate. All that's on that list are things that government would
otherwise use to punish me.

What's the difference between this and a carrot? A positive incentive does
not use fear. It uses drive and competition. In fact, it uses the same
motivators that lead most of us to do what we do each day. Competition is a
driving force in society. What we need are incentives, positive incentives,
real rewards. We need something people can strive for, that they can take back
to their office and show off.

What kinds of things could this be? These are things that a compliance
manager can point to as benefits here and now, for example, public recognition,
tax benefits, bidding preferences, financing arrangements, agency liaisons.
This is not insurance against a future hypothetical threat. It is a tangible
incentive.

Now, the newspaper stories that I showed you also shed light on what happens
within companies and what it takes to achieve ethical and compliant companies.
When I first started in the corporate world, one of the biggest surprises to me
was to find people within the company who were dedicated to doing the right
thing. They may be internal auditors, industrial hygienists, environmental
engineers, ombudsmen, compliance lawyers. These groups, these in-house
compliance constituencies, can play a major role as a check against corporate
misconduct. But they can only do this if they are empowered to have an
effective voice. These compliance people, like others in companies, compete for
attention and resources.

But under the current regime, with few real incentives offered, I want to show
you what that competition looks like. This will also help you understand why
there is so much burn-out and frustration among those who do in-house compliance
work. Here's what the compliance function looks like. We bring bad news. We
deal with bad news. To some of our managers, we are bad news. Is this a
description of a job you would offer to your most talented and aggressive
managers? Is this a post with great career prospects? What is it that this
person celebrates? That another day passed without anyone being indicted?

Now, this is what a normal manager's job might look like. You notice I do
have a bias. You see the same gap I described when I talked about carrots and
sticks. There is no positive element. That weakens the ethics and compliance
function. As a compliance person, I offer no fun, no rewards, no glory.

If we change our approach to compliance and offer real carrots, rewards, to
companies that commit to implement effective compliance programs, this can
dramatically change the organizational dynamics. That in turn can energize and
empower those within companies who believe in effective compliance and ethics
management.

Where does this take us? I want to warn against one detour first. We need to
keep the focus on carrots and sticks and avoid red herrings. One of the most
wasteful red herrings, I believe, is the misdirected debate between ethics and
compliance, lawyers versus ethicists. Basically, this whole debate is off the
trail. Both the compliance approach and the ethics approach have their own
vocabularies and their own ways of talking past each other. I have never heard
one side give an accurate description of the other, and for those in each camp
who do bother to look at what really works in organizations, they're typically
saying the same things, just using different terms.

Fundamentally, the issue is not law or ethics, compliance or integrity. It
is: what affects organizational conduct? Do audits work? What training works,
and what does not? What motivates actors in a group setting to engage in
anti-social conduct, and what makes another group stop its members from harming
customers?

Most of those engaged in debate about ethics and compliance need to start
asking the much harder question: What really works in organizations to affect
conduct?

I believe if an organization understands how to keep itself on the straight
and narrow, it will follow both an ethical and legal path, regardless of whether
you use ethics or compliance labels.

So what is the future for ethics and compliance programs? If we're going to
harness the ability of organizations to self-police and we're serious, there are
a few simple questions we have to ask ourselves honestly. First, is the company
that does compliance work at greater or less risk than one that doesn't? Two,
is the company that tries to improve its programs, test out new techniques, and
lead the way better off or worse off than one who does not? Three, is the
manager or lawyer who devotes attention to this area better off or worse off
than one who does not? And as a test of whether your answers ring true, where
would you put $1 million of capital or $10,000 of bonus money?

Until we can answer those questions in a way that makes sense, we're going to
be like Sisyphus pushing the rock up the hill, only to have it slide down on us
again.

Where does government fit in this? This is an area where government's role is
crucial. The Sentencing Commission in its remarkable experiment has led the
way, but it's up to the rest of government - agencies, legislatures, courts - to
decide whether to stymie this or to offer support and encouragement. Will EPA
relent in its opposition to the environmental audit privilege? Will the
National Labor Relations Board look at codes of conduct with a clearer vision?
Will the courts learn to stop seeing every bit of information as mere toys for
the litigation game?

Government can strengthen those within corporations who share the commitment
to doing the right thing. It can do this by using the strongest forces we know
to get results, incentives and competition.

And what is your future? Will you be beaten up by carrots? Will you be made
a victim in a front-page story if you support voluntary compliance and ethics
programs?

This is a news story that we in this room will write. The Sentencing
Commission has offered us the first carrot, or maybe just shortened the stick,
but you and I are going to determine whether voluntary self-policing will be
allowed to work. Thank you.

QUESTIONS & ANSWERS

MR. SWENSON: Thank you, Joe. The question is: what is your response to Ms.
Bangert's assertion - Patricia Bangert from the State of Colorado, whom you
know, who spoke just before you - that EPA is stifling experimentation by the
states? I guess with respect to its position on privilege.

MR. HERMAN: Our general approach has been to try and work very closely with
the states, both on this issue and on numerous others. And, in fact, in the
enforcement arena, I would venture to say that, in general, our relations with
the states are as good - are better than they have ever been before, and I say
that on the basis of conversations that I've had with state commissioners who
serve on the state commissioner's enforcement committee.

Our position with regard to states that have passed various privileges and
immunities statutes is that we will see how those statutes work. However, it is
our responsibility to look at particular situations as they arise to make sure
that the various programs are carried out in a way that is consistent with
federal requirements. We have timely and appropriate standards, and is the
state response appropriate for a particular situation? And that's what we're
going to look at. We have not taken a blanket approach one way or the other,
but we also - you know, I certainly don't - to the extent I can prevent it, I
certainly would not like to see somebody who has committed criminal conduct go
free because they come in and say here's an audit.

I certainly am not going - you know, to the extent that I have the ability to
do it - would not stand aside and watch some company benefit significantly, you
know, to the detriment of its competitors, because it goes, it pollutes, it
profits, and then they come in and say, "We've polluted and we've profited
and here's our audit." I don't think that's good policy.

That hasn't happened yet, and I think we'll just have to see how it works out.
We are talking to the folks in Colorado and in other states to try and work
this out amicably, as we have worked out many other problems over the past two
years.

MR. SWENSON: Do you want to respond, Joe?

MR. MURPHY: Yes, if I could just make a comment about that. I'm afraid my
colleague has basically set up a straw man and then shot it down. I listened to
his description of what he's afraid of. I read most of the statutes. There's
not a single one of those statutes that I know of where the scenario he just
described could ever happen. They talk about good faith, requiring that you fix
the problem. They have numerous exceptions. I'm sure that the representative
from Colorado could verify what I'm saying.

If you're talking about an experiment, I would say let the states experiment.
After all, we have 51 jurisdictions. They each have attorney-client privilege.
There are significant variances among the states. They each have work product
protection. There are significant variations among the states. I've never
heard EPA say it's going to examine the state attorney-client privileges in
those states. Let's give these experiments a chance to work. Read the statutes
in good faith. They have built in a number of very, very serious protections.

MR. HERMAN: If I could just respond?

MR. SWENSON: Absolutely. Absolutely.

MR. HERMAN: I think this is important. I think if you do read the statutes
carefully, there are statutes which potentially provide immunity for criminal
behavior. That's the first thing.

Secondly, I think there are not a lot of privileges out there. There is
attorney-client privilege. There is the husband-wife privilege, the
doctor-patient privilege, and maybe, you know, priest-penitent. And that's it.
And basically our society has taken a very restrictive and unfavorable view
towards privileges, because as has been said, privileges are by their nature in
derogation of the truth. And I think we should be very careful how we work with
these.

Now, I also think that it is a mistake, a serious mistake - and I think this
is really unfortunate that the debate has gotten off on the issue of privilege.
The issue should be how - and the way I think we have tried to approach it, the
way I frame the question is - how do we encourage self-monitoring,
self-disclosure, and self-correction?

I guess the question is, "Can't it be done without secrecy? Can't it be
done in the way you have described, I think, with incentives and with true
carrots?" Which is, I think, what we are trying to provide.

I don't think holding out an exception for substantial economic benefit or for
criminal behavior or where there has been serious environmental harm is an abuse
or turns that carrot into a stick. I think what it does provide is some
accountability, which is something I did not see on the slides. In other words,
if somebody does - let's say you are doing - you have your policy and you're
trying your best, yet you do have a major spill or you have a major discharge.
You should be responsible for cleaning it up and for ensuring that it doesn't
happen again, and there should not be some kind of blanket protection.

MR. SWENSON: Maybe that is a good segue into this question, Joe. Isn't your
best in the class suggestion closely related to EPA's environmental leadership
program? And isn't the environmental leadership program one of the best
existing models for the kind of thing that you're talking about?

MR. MURPHY: I don't want to come across as too harsh on Steve. I think the
EPA deserves a lot of credit for being willing to innovate. I would like to see
them more willing to innovate. But I think it's important that they're starting
down the road.

Actually, the model that I used was based on the same things the EPA model is
based on. There's an OSHA program called the STAR program, which has been very
successful, very innovative in this area, although the rewards are rather
sparse. And another example that I use, although it's got some limitations, is
the Baldridge Award. If you think of what the Baldridge Award did - when I
started in business, the notion that government would award somebody for quality
would have been ludicrous. The notion that government would be able to assess
quality would have been ludicrous.

You look at the notion of the Baldridge Award, and for quite some time that
had people running around like crazy trying to develop quality programs. And
that's just a small example to me of what you can get by giving a positive
reward to people.

I see this, by the way, the need - I also agree, I'm not particularly in favor
of secrecy. What I'm in favor of is not having people beaten over the head with
trying to do the right thing. I think there's a need for protection. Secrecy
is not the issue. It's the use against companies of this type of material.

MR. SWENSON: Steve, I don't want to get too bogged down in this issue because
we've already had a lot on it today. But is that where EPA seems to be heading,
to some extent? Given your concerns, I mean, it seems to me you're saying that
secrecy is not something that's particularly desirable, but that you think it
may be relevant to the question of what the use or impact is of information when
companies have tried to do the right thing.

MR. HERMAN: I think the real issue - secrecy is one issue, and I think that
the public's right to know is very, very critical. In terms of use, I guess I
don't - if the company is doing, you know, the work and has it, I don't think it
should be a shield. We have said, though, that we will not initiate an
investigation based - you know, we won't go out on a fishing expedition looking
for an audit.

I would also say that the companies - and I'm sure many of you would
acknowledge this - benefit tremendously from doing the audits, that there are
many, many benefits in terms of making operations more efficient, preventing
violations. There is a reason why some tremendous percentage, especially of
large companies, do audits. We think there are also reasons why smaller
companies haven't, and we're trying to address those concerns.

But one thing that I would mention is - some of you may know this - we have
had for almost a year a very, very extensive process which Win has participated
in and I know several other people in this room have participated in, in the
re-evaluation of our self-audit policy. And I've attended several of the
sessions. I went to one in San Francisco, which lasted two days, and there were
representatives of industry and environmental groups and various state and local
groups. And we broke up at one point into various smaller groups, and each
addressed the same questions. And what was remarkable to me was that basically
there was agreement on maybe 95 percent or 98 percent of the principles, and I
agreed with much of what Joe was saying. And it was a similar kind of exercise
where everybody, from environmentalists to corporate attorneys, was agreeing.

There were a couple of fundamental differences, one being the privilege issue,
but in terms of some of the exclusions, like for criminal behavior or
significant economic benefit, and encouraging companies to do audits, there was
- you know, I think there's a tremendous amount of common ground, and we are in
our effort, you know, trying to exploit that as much as possible.

I actually took away from that a fairly - you know, I was fairly optimistic
and am fairly optimistic in terms of that, that ultimately there is going to be
some very positive results from our effort and from discussions like this.

QUESTIONS & ANSWERS - WRITTEN

Steven Herman

Q. EPA's program directed at fostering environmental management systems in
small companies sounds impressive. Why not take a similar approach with larger
companies?

A. In the course of revising the interim "Self-Policing and
Self-Disclosure" (Audit) Policy, EPA is seriously considering whether to
provide substantial penalty mitigation for companies that discover violations
through compliance management systems. The interim Audit Policy is applicable
to all regulated entities, large and small. In addition, the Environmental
Leadership Program is exploring compliance incentives for facilities that adopt
environmental management systems and for facilities that adopt compliance
management systems. I would also note that EPA's Office of Water and my office
have agreed to provide funding for a grant to the NSF to develop guidance for
small and medium-sized businesses implementing ISO 14000 environmental
management system standards.

Q. Why does the EPA allow special interest groups to direct its (EPA's)
attention to a particular industry rather than relying on data and scientific
studies?

A. For those not familiar with the EPA process for selecting national priority
sectors, I want to strongly emphasize the heavy reliance placed upon data and
scientific evidence. In fact, over the last several years, EPA has streamlined
its data systems to improve the environmental impact analysis that can be
conducted for industrial sectors. Based upon this effort, EPA now has the data
on the source, location, type and amount of release for every major toxic
chemical. Pollutant release data is further informed by detailed analysis of
industry-specific non-compliance patterns. These two factors are the two main
components of EPA's national priority sector selection process. Special interest
groups (e.g., environmentalists, industry groups) played no role
whatsoever in this selection process. In the future, EPA will continue to
improve data analysis capacity by adding risk-based targeting criteria -
toxicological weighing of chemicals released, and estimates of human exposure to
toxic chemicals.

Q. What is your response to Ms. Bangert's assertion that the EPA is stifling
experiments by the states?

A. EPA has worked very closely with the states in developing and revising the
interim Audit Policy. States have generally praised the process by which EPA
has considered the views of all stakeholders. For example, states have
commented: "As a preliminary matter, let me state that the process
undertaken by EPA to formulate the Policy has been a model of thoroughness and
thoughtfulness." Letter from Scott A. Harshbarger, Attorney General for
the Commonwealth of Massachusetts to Carol Browner, Administrator, U.S.
Environmental Protection Agency, June 27, 1995 (document #II-C-48). "Generally,
we support EPA's new policy and applaud the open and deliberative process used
to develop it." Letter from David A. Shorr, Director of the Missouri
Department of Natural Resources to U.S. EPA, May 29, 1995 (document #II-C-53).
In contrast, the federal audit privilege and penalty amnesty legislation which
is modeled after the Colorado law appears designed to impose the Colorado model
on other states.

Joseph Murphy

Q. How can you justify your "carrot patch of incentives" when all
citizens have the obligation to comply with the law? That is, do you really
think it's good public policy to offer "prizes" for compliance with
the law?

A. There are a number of answers to this question; I will cover a few here.
However, I would be happy to discuss this at length with anyone who is
interested.

The first point is that the question misses what the incentives are intended
to do. They are not to reward mere obedience with the law. Rather, they are to
motivate organizations to develop and implement management systems to promote
compliance and ethics. A company would not receive recognition merely because
no one had caught it breaking any laws. Rather, the incentives would be given
to those companies that had implemented the most effective ethics and compliance
programs. Also, the rewards would not be limited to "prizes." While
prizes have appeal, they do not have the same impact on all companies (e.g.,
consumer goods companies care more about public recognition than do
manufacturers of industrial commodities). Other incentives with bottom-line
impact also need to be added to the mix.

The second response is to recognize the inherent limits on law compliance.
While the law tries to deal with some objectives, it can only set minimal
objectives. For example, the law tries to protect equal employment opportunity,
workplace safety, an honest marketplace and a clean environment. But the law
sets minimums, and punishes those the government can prove crossed the line.
The use of incentives allows society to use a more open-ended standard, i.e.,
the "best" in improving workplace safety or in cleaning up the
environment. This can inspire creativity and a greater positive effort than can
ever be achieved by the use of threats of punishment.

A third answer to this question is the recognition that companies are not
individual citizens and do not act like individuals. While one might pause
before offering rewards to individuals for doing their civic duties (although,
even with individuals, governments do use various forms of incentives), it is an
entirely different matter to deal with groups and organizations. Organizations
are composed of a broad range of people - good, bad, honest, dishonest,
indifferent, etc. The idea of incentives is to motivate the organization to
empower those who will help assure the organization does the right thing, and to
deter those who would otherwise do wrong. Organizations generally are formed
for a purpose, so offering a reward that helps the organization advance toward
its goals can change the way the organization acts.

The Baldridge Award is an example of how this works. One could say that any
company
should want to produce a quality product - it is the right thing to do,
and the product will sell better. But many companies resisted emphasizing
quality, and focused on where they saw the immediate payoff - short-term
earnings. The Baldridge Award offered immediate recognition for having a
quality orientation, and this helped change the way companies approached the
subject of quality. Of course, the quality story is a more complicated one than
just this award, but the Baldridge Award is a striking example of how a very
modest reward can affect organizational behavior.

The last response is perhaps a bit more philosophical. I sense in the
question a resentment toward the idea of rewarding people for doing what they
are supposed to do. If something is right, people should just do it. Yet,
unless I misread most religious doctrine, it seems that rewarding those who do
right is a fundamental tenet of theology. All the religious parables I can
think of involve bad actors being punished and good ones being rewarded. I see
nothing morally questionable about using incentives and competition to motivate
people to do things that benefit and protect society. If it works, everyone
benefits. And it seems to have worked for millennia.

Q. It seems that you are critical of EPA's efforts to strengthen the good
citizen organization, but, through the varied approaches Steve Herman has
outlined, hasn't EPA been out front of most agencies in the enforcement
community in this regard?

A. When we are looking for change, we should always recognize those who have
shown the courage to step forward. EPA's efforts merit strong encouragement,
and Steve Herman deserves our support and recognition. Because EPA is, in many
respects, a pioneer, we should also point out where we think they are off the
trail, and what routes others have taken that will get to the result more
directly. That was what I intended to do.

I think EPA is starting to realize the value of voluntary compliance efforts
and the potential for using incentives to improve industry practice. But there
are some fundamental shortcomings in EPA's approach that threaten the success of
these efforts. The first of these is the agency's reluctance to make a
commitment. EPA is looking for companies to put their heads on the block by
doing compliance audits and then voluntarily reporting violations that such
audits uncovered. In exchange, EPA states its policy to take such good conduct
into account, but offers no promises. But if EPA wants companies to trust the
agency and to voluntarily search for, and disclose, problems, the agency must
make a firm commitment that the company will not be penalized for taking these
steps. Unfortunately, thus far, the disclaimers have tended to be the firmest
parts of EPA's policy statements.

The EPA deserves praise for being outspoken in its support of voluntary
compliance efforts. In the important area of voluntary disclosure, however, it
has not kept pace with several other enforcement agencies. EPA does not have a
binding commitment to give immunity to those who voluntarily disclose
violations. Compare this to the Department of Justice's Antitrust Division's
policy in this same area. If a company discloses to the Department of Justice
that it has been involved in price fixing with other companies, and it meets the
Department's stated conditions, there is a real commitment not to prosecute.
This is not a "maybe" or a "we will consider in the exercise of
our discretion." Companies who commit to self-disclose do so knowing they
will not be ambushed in the process.

The EPA also needs to develop a deeper understanding of what happens to
compliance efforts within organizations to realize why its hard line against a
self-evaluative privilege is off the mark. Without such a privilege, we are
left with a legal system bent on exploiting voluntary compliance audits against
those who conduct them. Even if the agencies made a binding commitment not to
do this (and EPA has never gone that far), private plaintiffs still can use
these materials. Within any company that has to decide how much to commit to
conducting internal audits, and how aggressive to make those audits, the lessen
will not be lost. This opposition to a self-evaluative privilege will backfire
on environmental enforcers and weaken those in companies who want to do audits.
If EPA means what it says about the value of these audits, and it wants
companies to self-inspect and self-remedy problems, why should companies be
required to have that work handed over to the government to use against the
companies? Does this result seem calculated to inspire anyone to conduct
aggressive audits? Or will this just push those who do audits to use lawyers to
fit under the mantle of the Upjohn decision, and to wrap their limited
compliance activities in a cloak of secrecy and innocuous language?

In these two areas, self-disclosure and immunity for audits, the states have
been showing leadership. There are now several interesting experiments with
disclosure immunity and immunity for compliance audits. But EPA, instead of
using these as test laboratories to see if such initiatives can increase
voluntary compliance efforts, has fallen back on the litigator's aghast reaction
to anything that infringes on their ability to rummage through everyone's files
to find embarrassing documents.

EPA's interest in a "Leadership Program" holds great hope for
recognition of good corporate citizenship. This is a model that OSHA has been
pursuing with success for some years. Another example can be found in Camden
County, New Jersey, with its Silver Platter program for restaurant sanitation.
EPA should look at taking a more aggressive approach in offering incentives. If
this requires legislative authorization, the agency should not be reluctant to
make suggestions to Congress. Reward programs can do wonders as motivators, if
they have real substance and they are carefully designed and implemented.

EPA deserves credit for starting down this path. But if it wants to blaze a
trail to real results, it needs to leave its litigation lawyers back at the base
camp and rely on different guides who are not reluctant to explore this new
terrain.

WIN SWENSON: I present to you for this closing segment four brave people.
They have been cribbing notes and thinking about what they've been hearing over
two days, and we've asked them to talk to you a little bit about some of the
things they thought were significant which I think is really overall an
impossible task any way you look at it.

We've kind of typecasted this panel - and all of these folks are people who
decided to come to this conference as attendees, but each really has a rather
unique and, I think, in many ways very extraordinary background.

The typecasting works like this: Neal Cartusciello is going to go first, and
Neal is our private defense attorney, if you will, but the reason the
typecasting is particularly poor is that Neal is the former Chief of the
Environmental Crimes Section at the Justice Department and spent many years as a
prosecutor. And I suppose that's the other thing I should add about each of
these folks, is that I think each one of them adds something, a real dimension
beyond the typecasting.

Next is Janet Cook. Janet is our government representative, and she's the
assistant general counsel of the Air Force for contractor responsibility and I
think is widely recognized, certainly in the defense industry, but now much more
broadly, as one of the real experts in government about what makes compliance
work.

Richard Gruner, a Professor of Law at Whittier Law School, is our legal
academic. However, Richard also spent a number of years in-house doing
compliance work for a major corporation - IBM. You may have heard of them.

Batting clean-up is Lynn Paine, who is Associate Professor at the Harvard
Business School where she's a member of the general management faculty. She's
written some very thought-provoking articles extolling the virtues of
integrity-based, law-centered compliance programs, notwithstanding the fact that
she also has a law degree.

What we're going to ask each panel member to do, as I said, is offer some
thoughts on what they thought was significant, and they are going to direct
those thoughts to constituencies they particularly identify with or think of
themselves as comfortably relating to. I don't know if that makes much sense,
but it will probably become clearer as we go on.

We may have a little time at the end for the panel to respond to some of your
thoughts about what you think was important. Hopefully we're going to capture
that in those feedback forms that you get, and we're going to learn from that.
And I tell you absolutely we are extremely interested in reviewing those forms
from all of you. But during the course of this, if you would like this panel to
respond to some things that you thought were significant, go ahead and jot it
down on a card. If we can, we'll try and work some of that in.

We'll start with Neal Cartusciello.

WRAP-UP: REMARKS BY NEAL S. CARTUSCIELLO

NEAL S. CARTUSCIELLO: Thank you very much. At the risk of burning some of my
five minutes, I want to say thank you to the Commission, not just for the
opportunity to be here, for which I'm really thrilled, but because what I've
seen has lived up to its billing. This has been an extraordinary symposium. It
has been truly historic. I think the Commission is to be commended for having
the wisdom and the courage to do this.

In that regard, to the extent that this symposium is so extraordinary, in some
ways maybe it's simply a reflection of the extraordinary nature of the work that
the Commission has done over the last six years and the work that it has spurred
on.

I've talked to a number of attendees here who have said to me that this is the
best program of its kind that they have ever attended, and many of these I know
personally, and they are not given to that sort of hyperbole. I share that
view. I was absolutely stunned at the depth and the quality of the substance
that I heard. It's very difficult for me to do a five-minute wrap-up because I
feel like I am not in a position where I've digested very much of what I've
heard. I feel like I'm on information overload right now. I heard a lot of
statistics yesterday. I'm usually not afraid of numbers, but for the life of
me, I'm not really sure I can tell you what they mean.

What the four of us decided that we ought to do is attempt to focus on some of
the nuggets that we each found in these two days, and maybe pick two or three
each, zero in on them, and state why we think they're important to the
particular audience segments that we feel we can identify with. Myself, I feel
a kinship with the prosecutors, although in the tradition of the best defense
lawyers, what I'm about to do is do what good defense lawyers do, which is spend
most of my time whining about what the prosecutors are doing and telling you why
I think it's wrong. And the others are going to attempt to represent their
constituencies as well.

Now, since we have only five minutes, a lot of what I'm going to present to
you is fairly elementary, and I apologize for it. You can think of it as sort
of a Cliff Notes of the symposium from Swenson to Murphy.

The first point is corporate crime is different. I don't think there should
be much debate about this anymore, but not only is it different in the sense of
what causes corporate crime, I think we have developed a fairly broad consensus
that the approaches to corporate crime and preventing corporate crime are
fundamentally different from those that might or might not be effective in
preventing or deterring individual crime.

For corporations, I don't think there should be any question anymore, and this
gathering ought to be the best evidence of the fact, that specific deterrence
works and general deterrence works. Specific deterrence in the sense that when
we punish a particular corporation, that corporation changes its behavior in a
fashion designed to diminish the likelihood that it will commit the same or
similar crimes again. I really don't think that can be open to question
anymore.

This gathering proves the effect of general deterrence. Punish one
corporation as an example, others stand up and take note and make every effort
to modify their behavior.

But one thing that struck me - I would like to put forth the hypothesis that
punishment in the area of corporate crime, to quote Win Swenson, you can't put
Allegheny Bottling in jail. Punishment is dollars. It's money. Money doesn't
mean simply fines, but it means the monetary effects of prosecution, which can
include loss of productivity, loss of business, loss of business relationships,
loss of credit relationships, inability for a corporation or any other business
entity to do what it's there to do, which is, by and large, earn a profit, or if
it's a non-profit entity, at least do its job economically.

Given that, since general deterrence and specific deterrence work, I believe
that government attempts to achieve specific deterrence and general deterrence
are what lead and have led to compliance management systems. But here I believe
a significant distinction has to be made, and this was brought home for me with
the presentation of John Meyers about what he viewed as wrong with the
court-imposed compliance system in the NME case. I can't remember what the name
of NME is anymore. Tenet or - it's now Tenet. That's one way to rehabilitate a
corporation, it seems to me. Change the name.

Compliance management is a response to deterrence and is aimed at preventing
future violations, but should not be considered as a form of punishment. I
think what Mr. Meyers brought home for us is that, to the extent that compliance
management starts looking like punishment, it doesn't work. It's
counterproductive. It's not good punishment, frankly, and it's not good
compliance management.

Now, what lessons do I believe need to be drawn from that? I believe the
prosecutive community, the law enforcement community, needs to draw the lesson
that they should not seek and judges should not order compliance programs with
elements that are inefficient, that don't work, or that may impede compliance by
breeding cynicism. I think those things are really possible, and how do they
prevent it? They prevent it, I believe, by devoting greater resources to doing
what everybody here at this symposium is doing, which is educating themselves on
the best current thinking and knowledge of what does and doesn't work and the
reasons why.

I for one would like to see the Justice Department have its own centralized
body, maybe a small group of people, devoted to the mission of gathering
information about compliance management. And, by the way, I prefer the term "compliance
management" because it connotes permanence over the term "compliance
program" which to me connotes something more temporary. And that leads me
into my next point, which is the next nugget that I believe I have taken out of
this. That is, there is an extraordinarily broad consensus, I've heard, that
the most effective corporate compliance systems view compliance as a management
function, not as a policing or legal function.

I was going to go through everybody who said this, but I heard it over and
over and over again for two days, and even Joe Murphy, who was our last speaker,
emphasized that. What concerns me terribly about this point, as to which I
believe there is broad consensus, is I didn't hear enough of it from the law
enforcement community. And I find that terribly troubling. What I heard from
the law enforcement community were terms like "failed compliance program,"
which to me is antithetical to the concept of a management system or good
management practices.

I believe that management is not a guarantee of success. Management, I
believe, is a performing art. Some might say an improvisational art. It is
not, as one of our speakers said, Euclidian geometry. The mere fact that a
corporation experiences an incident where an employee commits a crime is not a
basis for concluding that the compliance management system has failed. I
believe that that thinking can be dangerous, and is probably contrary to what
will work the best in compliance management, which are good management
practices.

Finally, what I would like to see is good management practices, not an
adherence to a checklist du jour, not an insistence on 100 percent compliance as
exerting the greatest influence on the thinking of the law enforcement
community.

I have well overstayed my five minutes. There's plenty more that I could say,
but the others have a lot to share with you as well. Thanks.

WRAP-UP: REMARKS BY JANET C. COOK

JANET C. COOK: Well, like Neal, I feel that this is really a daunting
assignment to wrap up all of two days' seminar in five minutes. But let me give
you a couple of thoughts. One is very general, and one is more specifically
related to who I am and what I do.

I know many of you in the room. Most of you know what I do. In a sense my
job is as an enforcer, but it's a little different from what the prosecutors do
or what civil enforcers do. I am the debarring and suspending official for the
Air Force, which means that I look at contractors who have been indicted and
convicted, have had other kinds of problems, and assess whether they should
remain eligible for government contracts. Some of them are debarred. Some of
them are suspended. Some remain as government contractors.

I have a general comment on ethics and compliance programs and then something
more specific. The general comment is that I heard throughout the seminar the
terms "compliance program" and "ethics program." I want to
be sure we recognize there's a difference. The ideas come from different
mind-sets. A compliance program sets basic rules and procedures and can be
summed up in a checklist. An ethics program addresses values and decisions in
the grey areas. The sentencing guidelines in a sense lend themselves to a
checklist type of approach. And a corporation can get good protection against
the maximum penalties of criminal prosecution by meeting the different elements
of that checklist.

I don't think, however, that a guidelines-based compliance program without
more is likely to be an excellent internal management tool. As an aside, I
agree that I don't like the term "program." An ethics officer at one
of the leading defense companies refers to an ethics "process" rather
than an ethics "program." In any case, a successful process must be a
management process. It's not so important whether you say program or process,
compliance or ethics. What is important is that your program or process be
values-based and have some soul.

Somebody said yesterday that employees don't like you playing with their soul.
I'm not so sure. I think they want you responding to their soul in the sense
that people want to do the right thing, not just the compliant or lawful
thing. In most cases, all you have to do is free employees to do the right
thing, and compliance will follow. We heard at lunch a CEO who understands the
difference between ethics and compliance. He not only knows the words of a
compliance program but hears the soul in the music that goes behind it, and has
moved beyond compliance to a value-based ethics program, to a good program that
can really do the company some good.

It's going to be fairly expensive to put in a compliance program that will
meet the guidelines. But that's not going to give the corporation a great deal
of cost/benefit in the long run. How many corporations are ever sentenced under
the guidelines? Not very many. You could almost self-insure by not having a
compliance program and putting the money aside every year into a penalty fund.
But let's assume you're going to have a compliance program and hope for some
benefit over and above guidelines protection. Why not put a little more effort
and maybe a little more money, and certainly a lot more thought into it, and
have a real ethics program that is going to benefit the corporation internally.
Create a values-based ethics program and you're going to get employees committed
to an ethical way of business life, employees who care about their business
integrity. The principal benefits are going to be internal. Benefits show up
in workplace relationships, confidence in management, and dedication to quality.
Ethical conduct feeds itself.

Someone mentioned the Baldridge Award. A lot of companies started out with
so-called TQM programs because it was the flavor of the month and maybe they
were competing for the Baldridge Award. But now, practically every corporation
that's paying attention, even some very small businesses, have programs that
have a lot of the elements that count as qualifications for the Baldridge Award.
They are empowering their employees.

My observation is that if you are going to empower your employees, they had
jolly well better be ethical. And you've got to set values for them. Not every
tough issue that every employee faces, is going to be within a compliance kind
of orientation. It's in the gray areas where companies and employees get into
trouble, where they have the questions. Ethics education and discussions and a
high ethical tone from management go a long way toward assuring empowered
employees reach the right decisions.

A specific thought from an agency perspective: where are you when you come to
the debarring official after indictment or conviction? The agency will look for
compliance and ethics programs, but do not expect to use a compliance program as
a sword against the debarring official. Don't argue that the agency can't debar
your company because the Department of Justice gave full credit under the
guidelines.

The guidelines are framed in a punishment context. Unlike the Department of
Justice, the agency debarring official will assess your programs from the
customer's point of view. When you're convicted of cheating your non-government
customers, you don't expect those customers, because you have a compliance
program, to continue doing business with you. But some companies seem to
believe that the government should continue to do business with them because the
prosecutor thought they had a good compliance program. The distinction between
punishment and business responsibility fundamentally changes the analysis.

As many have noted today, most prosecutors are not experienced in recognizing
a good compliance program. I think Neal's suggestion of an office at DOJ to
serve as a center of compliance expertise is an excellent one. Private industry
has established such centers to good effect. None of us is as expert in this
line as we ought to be. I would also encourage openness between industry and
government to share best practices and different viewpoints.

I am troubled by the emphasis some place on litigation privileges in regard to
compliance programs. As a debarring official I'm not interested in hearing
about litigation privileges. I understand privileges may be important in
litigation contexts, but it's going to be very difficult to reestablish business
integrity with a suspension or debarment official, if a contractor is not
willing to provide full information about underlying facts and any related
preventive or responsive steps. Suspension or debarment proceedings are just an
example. If you're dealing with the FDA or OSHA or EPA, there will be similar
issues of free and open access to compliance-related materials. Potential
privileges involve hard choices. In many cases you're going to have to make the
hard choice to waive a privilege and let the agency look into your programs in
significant detail. The more forthcoming you are and the less you try to hold
back, the quicker things are going to go and the easier it's going to be.

As a last thought I'd urge private industry to establish high-quality
compliance and ethics programs that have some music to them as well as just the
words on paper. Do try to reach the goal of a values-based ethics process,
stretch your process or your compliance management system to get to a higher
plateau that will better serve everybody: employees, management, and government
in its many roles. If you do, we will all have better government contractors,
and have better citizen corporations. Besides, it's worth doing for its own
sake. Thanks.

WRAP-UP: REMARKS BY RICHARD S. GRUNER

RICHARD S. GRUNER: I want to start by echoing Neal's comments about the
quality of this symposium. I have been to a number of programs on related
topics and this one is extraordinary. It's not just extraordinary because of
the quality of the symposium administration, which has been excellent, or the
quality of the presenters, which has been top-notch. The defining feature of
this symposium has been the quality of the idea around which this whole
conference revolves - the need to develop distinctive, favorable legal treatment
for the "good citizen corporation."

I submit to you that the concept of the good citizen corporation as a feature
of our legal landscape is not only new, but fundamentally important. By a good
citizen corporation I mean the type of corporation that has been the subject of
our discussions here - a corporation that has undertaken due diligence to
prevent offenses in its business operations. We are moving from a legal regime
in which the concept of the good citizen corporation was irrelevant to a legal
system in which this concept may be a central consideration in evaluating
corporate liability. Currently, corporate criminal liability usually depends on
respondeat superior principles. These principles effectively equate an
employee offender with the offender's corporation. If an employee commits an
offense within his or her scope of employment and for corporate benefit, then
the corporation is liable for the offense as well as the employee. We are
moving from these principles for measuring corporate liability towards a view
that a corporation's responsibility for an offense should be evaluated
separately. Under this new approach, the good citizen corporation that can show
due diligence concerning law compliance may avoid liability for an occasional,
aberrational employee offense. In short, the law is shifting towards a system
in which the culpability of the organization matters.

This is a significant change that has broad implications. I want to sketch a
few of the legal developments that may implement this new approach in the next
few years. You have seen hints of some of these developments here at this
symposium. My comments are aimed at suggesting how the good citizen corporation
may figure in additional legal standards.

One type of change that seems likely is an expansion of the range of legal
contexts in which good citizen corporations are exempted from liability. We
have heard suggestions at this symposium of corporate criminal liability
standards that would turn on whether a company undertook due diligence to
prevent offenses before a particular employee committed an offense. Such
standards would shift the assessment of the quality of a corporation's law
compliance efforts from the sentencing stage

- where they reside under the Sentencing Commission's Organizational Sentencing
Guidelines - to the liability determination phase of the criminal case.

There are several ways that this sort of change may be implemented. Standards
may be changed so that the absence of corporate due diligence needs to be shown
to establish corporate criminal liability. More plausibly, corporate due
diligence of this sort may be recognized as a basis for an affirmative defense
to corporate criminal liability. These sorts of changes need not be limited to
criminal offenses. I think that we will see equivalent developments in
regulatory settings in which definitions of regulatory violations are revised to
turn on whether or not a corporation has undertaken diligent efforts to prevent
violations.

This is still not a broad enough perspective, however. I think that we are
going to see greater reliance on the good citizen corporation concept in law
enforcement activities. In particular, the targeting of government
investigations and regulatory oversight will increasingly depend on prior
assessments of how extensively particular corporations are policing themselves.
Experimental programs now being tried by the EPA illustrate how the good citizen
corporation might be treated in this context. Under these programs, companies
that submit to an intensive review of their compliance systems can qualify for
later relaxation of governmental oversight. Once the internal policing within
these companies is shown to be sound, the need for external reviews is
correspondingly diminished. This sort of targeting of regulatory oversight
makes sense not only as a means for allocating scarce regulatory resources, but
also as a means to recognize and reward corporations that have pursued socially
beneficial efforts to prevent offenses.

The status of a firm as a good citizen corporation may also have growing
significance in other legal contexts. For example, it was suggested in Joe
Murphy's presentation that punitive damages should not be assessed against a
corporate defendant in a tort action if the corporation is found to have taken
diligent steps to prevent the misconduct at stake. Withholding punitive damages
on this basis would be a logical means to reserve such damages for the worst
cases of irresponsible corporate conduct. In addition, standards diminishing
punitive damages for good citizen corporations would strongly encourage diligent
law compliance and harm prevention efforts in areas where tort actions and
damages are real threats, but criminal sanctions are not.

Finally, a firm's status as a good citizen corporation may figure in
day-to-day contracting and commerce. Perhaps the most significant activity
discussed at this conference was the development of ISO 14000, a standard for
measuring the sufficiency of environmental law compliance systems. Once issued,
this standard is intended to figure in a system of privately enforced compliance
system obligations in which one contracting party will insist that its
contracting partners certify their compliance with ISO 14000. Maintaining an
adequate compliance program - and being a good citizen corporation, at least in
the respects addressed in ISO 14000 - will be a matter of contract obligations
and incentives. Hence, a system of private contracting and rewards may
ultimately drive the development of better compliance practices.

What other trends are going to affect this area? I believe that if we were to
attend a conference like this one ten years from now, two new topics would be on
the agenda as major considerations. First, corporate management techniques for
addressing law compliance and liability risks will be improved, establishing a
related domain of technical expertise among organizational management experts.
Managerial specialists are just now beginning to give detailed attention to the
features of good compliance programs and to assessments of what compliance
program techniques work and don't work. We have seen some of the very first
products of these efforts in the empirical research presented at this symposium.
In the compliance system standards embedded in ISO 14000, we have also seen
some organized efforts to describe how corporate managers should approach the
construction and operation of compliance systems. However, there should be many
improvements ahead in our understanding of how to manage law compliance so as to
have a real impact on corporate workforces.

As our understanding of available techniques improves, corporate managers'
appreciation of the need for those techniques should also increase.
Sophisticated managers already appreciate the importance of careful management
of corporate law compliance. You heard precisely that message at lunch today
when Stephen Hammerman emphasized in his remarks that, for each business unit,
the chief executive officer of that unit has to be responsible for law
compliance. This to me is a signal that compliance programs must be initiated
by line management and that they must operate through line management.
Corporate managers will increasingly accept this in the future and turn away
from non-line management compliance programs that are no more than half-hearted
efforts to gain possible legal advantages.

Let me amplify this a bit. Managers who don't get this message, that don't
pursue law compliance as an aspect of line management through the same types of
management techniques that they utilize in other business areas, are hurting
their firms in several respects.

First, they are spending money on compliance efforts that are unlikely to
prevent offenses or reduce liability. Throwing money into ineffective
compliance efforts is simply a waste of corporate resources.

Second, undertaking law compliance efforts poorly may be worse than doing
nothing at all. We saw this demonstrated in some of the research that was
presented at this symposium. Compliance programs that are treated by management
as a sham tend to encourage cynicism by employees. Such cynicism, in turn,
tends to cause employees to pay less attention to legal requirements and to be
more willing to commit offenses. Hence, a poor law compliance program may
actually increase levels of offenses, making it worse than doing nothing.

Third, operating a compliance program that is a sham will forfeit an
opportunity for favorable treatment in regulatory and criminal proceedings.
From the presentations of government officials at this symposium, it is obvious
that prosecutors and regulators are becoming more adept at evaluating compliance
programs. They are becoming more sophisticated in the proof they demand and in
what they view as the necessary features of an effective compliance program.
The likelihood that a sham program will pass muster is diminishing accordingly.

How does all this bear on the role of inside counsel? As was mentioned in the
introduction to this panel, I am here in part as one who has acted as an inside
counsel and who thinks a lot about the role of inside counsel as an academic. I
believe that the challenge to inside counsel in the next few years is to help
corporate managers pursue law compliance programs as aspects of day-to-day
management processes. This is critical because there is no other effective law
compliance program strategy. Management must pursue law compliance as a line
management objective if corporations are to adopt compliance programs that both
prevent offenses and meet government standards for favorable treatment.

What is counsel's role in helping corporate line managers pursue compliance
systems? First of all, it's a new role. It's a role that many corporate
counsel (both inside and outside counsel) aren't very familiar with. It's a
role as part of a team constructing management processes, rather than just
providing legal advice about relevant legal requirements and possible types of
violations. Granted, construction of the necessary management processes will
start with some traditional legal advice describing the sorts of legal risks
confronting a firm. These are the legal risks that the resulting processes will
need to address and minimize. However, beyond just providing this type of
advice, counsel should also pose questions to line managers that help the
managers think about the techniques they might use in the course of managing and
diminishing legal risks. Counsel can also challenge the sufficiency of what
management comes up with, by comparing a company's proposed law compliance
practices with practices undertaken by other firms or required under management
standards like ISO 14000. These types of comparisons are critical in evaluating
the sufficiency of proposed compliance systems because similar comparisons will
be undertaken when compliance systems are reviewed by regulatory agencies or
sentencing courts.

I would like to offer one last thought on how corporate counsel might conceive
of their role and the overall process of developing and pursuing corporate law
compliance programs. Steps undertaken now regarding these programs should be
seen as setting the stage for later reviews of those programs in contexts where
corporate liability is at stake. To help define what to do now, a corporate
counsel should imagine hypothetically that he or she is at the end of the
process in the midst of a critical review of a compliance program by a
regulatory official, a prosecutor, or a sentencing court. The question under
discussion in this review is, "What kind of compliance program did your
company have?" What would you like to be able to respond?

Well, what you'd like to be able to say is something like the following: "We
felt law compliance was a critical aspect of corporate performance. We
addressed compliance with the same types of techniques that we would use to
address other critical management concerns. For example, our management
techniques were similar to those we would use in a quality control or production
system. Let me show you how we applied similar techniques to our law compliance
efforts."

That's the sort of presentation which will convince regulators, prosecutors,
and courts your company was serious about law compliance. The corporate
operations necessary to make this sort of presentation a reality should be
counsel's present objective. By helping line managers develop these operations,
corporate counsel can ready his or her firm for the rigorous, but potentially
rewarding compliance system reviews of the future. Thank you.

WRAP-UP: REMARKS BY LYNN SHARP PAINE

LYNN SHARP PAINE: This conference is special for many, many reasons. The
things we're talking about represent some very important changes in how we
encourage and support lawful conduct in our organizations, and particularly in
our companies. Two changes stand out. The first is that managers are being
asked to assume greater responsibility than in the past for insuring lawful
behavior in their organizations. A second related aspect of this change is that
government is being asked to demonstrate a greater willingness to recognize
managers' efforts to encourage lawful behavior in their organizations. And this
observation applies to government officials in a number of contexts.

If we look at this development from a broad historical perspective, we see
that it's part of a sea of change in thinking about business-government
relationships in this country. This, in general, is a very positive
development, and it's one I have urged in my role as a management educator and a
management researcher. In particular, I have urged that law compliance be
treated as a management function, not a legal function. Law compliance is
something managers should be concerned with on a routine basis. After all, the
executive's job of is to define the goals and responsibilities of an
organization and then to mobilize people and resources to achieve those goals
and responsibilities.

I doubt that anyone here would quarrel with the idea that abiding by the law
is an important organizational responsibility, though in practice it's not a
responsibility that anybody embraces with great enthusiasm. To paraphrase both
Joe Murphy and former SEC Chairman Richard Breeden, aspiring to get through the
day without being indicted is not a very inspirational ethical standard.

So while I really do think we're moving in the right direction, I want to use
my few minutes just to underline a few concerns I have. There are three in
particular.

The first concern has to do with the search for guidance. In listening to
discussions at the conference, I have felt that a lot of people, particularly
representatives from companies, would like the Sentencing Commission to stop
being vague and just tell companies what to do. Many feel the guidelines don't,
in fact, give enough guidance. When I hear such comments, my reaction is - be
careful what you wish for; you might get it. There is no single model for what
managers should do on a day-to-day basis to ensure adherence to law in their
companies. What motivates a Wall Street trader is different from what motivates
a health care worker. And while it's very laudable and appropriate for the
Sentencing Commission to spell out the specific compliance-related functions
managers should undertake - and by functions, I mean activities like the setting
of standards, education, motivation, assurance, audit, and other assessment
systems - it would be a mistake for everybody if the Commission were to get into
the business of laying out very specific steps for what managers should do.

Rather than providing a compliance cookbook directing companies to do A, B, C,
and D, the government could stimulate innovation and experimentation by
requiring companies to evaluate their own effectiveness in carrying out the
compliance functions. Companies seeking relief or approvals would have the onus
of demonstrating how they have evaluated effectiveness and what kinds of
self-improvement efforts they have undertaken over time.

In the course of our conversations, we have at times moved up two quite
different issues, both of which are very, very important and which should be
looked at, but which in the first instance should be looked at separately. The
first issue is the lawyer's concern about how a company proves that it's a good
corporate citizen, and second is what should be the manager's concern, which is
how actually to be a good corporate citizen.

Now, I have a bit of a bias here. I am convinced that the best and easiest
way to seem to be a law-abiding company is actually to be a law-abiding company.
So I believe that the management question should take priority, but I also am
enough of a lawyer to realize that the issue of evidence and proof in various
contexts is also very important.

So that brings me to my second concern: what companies should do to become
law-abiding organizations. Here, we need a better understanding of the
management practices followed in companies that actually are good corporate
citizens with a good track record and who have built respect for law into the
corporate value system.

The environmental leadership program that Steve Herman talked about is a good
example of what I have in mind. It's something we should be paying more
attention to. In our discussions, a lot of attention has been focused on
corporate misconduct, understanding its origins and so on. I have done research
in this area, and I believe it's very, very important. A lot can be learned
from research on the fundamental origins of misconduct. Sometimes the findings
can be surprising.

For example, I did research in one company which, if described in detail, I'm
sure 80 percent of you would say was a good corporate citizen. That company, by
the way, didn't have a compliance program like the ones that we have been
discussing. Nevertheless, the company did get involved in misconduct related to
the falsification of environmental reports.

Once one diagnoses why this occurred, it turns out that some of the employees
had been asked to do a job for which they had not been trained very well. Now,
you say, what do these employees need? Do they need a talk about ethics? Or do
they need some job training? Well, probably they need both, but clearly they
need job training. In my experience it's very common to find that
organizational misconduct often goes back to poor management and to management
practices that need to be improved. So it's quite important to push back and
understand the origins of misconduct.

Nevertheless, while we need to understand that, we also need better research
not on compliance programs per se, but on the management practices that
are used in companies that are good corporate citizens. What this type of
research will show, I believe, is that concern for law is reflected in all the
core management systems that drive the organization, from its leadership, its
supervision, its hiring, its promotion, its evaluation and rewards, its planning
system, its resource allocation, information, communication, training,
education, oversight, control.

When a company has truly integrated respect for law into the corporate value
system, it shows up in every aspect of the management process and of the
leadership of the organization. So I find it a bit troubling that so much
attention has been focused on the willingness of employees to report misconduct
as the leading hallmark of a good corporate citizen. There are lots of other
things we should be looking at that are more positive and much more central to
what makes a good corporate citizen.

An excessive focus on misconduct can also lead to recommendations that are in
conflict with management's efforts today to empower employees, to build trust,
to enable people to do their jobs better, and to strengthen personal
accountability. We must not lose sight of our core objective here: namely how
to build and maintain law-abiding organizations and to uphold high levels of
adherence to law in our society.

The final issue I want to mention is my concern for the individual employee.
As companies rush to prove to the government that they are good corporate
citizens by voluntary disclosure and by zealous housecleaning after misconduct
occurs, I hope they do not lose sight of the importance of fairness to the
individual employees who may or may not be involved directly in the misconduct.

I recently heard a story praising a company's management for its exceptionally
quick response to allegations of misconduct. Some individuals were accused of
misconduct and dismissed within a matter of only 24 hours or something like
that. They were gone, and the company was getting on with its business.

I don't know the facts of that case, and maybe the evidence was clear. But
it's very, very important that managers take the time to think about the
fact-finding process, about fairness and due process in their determinations
before dismissing employees in their eagerness to be good corporate citizens.
That's important not only for fairness to the individual employee, but also for
the impact on other employees, particularly their willingness and their
commitment to do their job.

Recently, I was reading about some research done by Professor W. Chan Kim at
INSEAD, a business school in France. One of Professor Kim's findings was that
employees in global organizations are most likely to implement corporate global
strategy when they believe that due process has been followed in developing the
strategy. There are other lines of research that suggest that if you want your
employees to go the extra mile, to do the extra work, to take on the
discretionary effort, you should be especially concerned about fairness. This
research says that people are more likely to do their best to support the
organization when they perceive their work environment to be a fair environment,
where their efforts will be recognized and where due process is followed in
making and implementing decisions of all sorts.

Clearly in today's environment, if we are going to compete effectively as
individual companies and as a nation, we have to have lots of employees who are
willing to go the extra mile, to do the extra work, to go above and beyond the
call of duty. To the extent that treating people fairly and exercising due
process is part of creating an environment in which people are willing to do
that, we have to think carefully about how we approach compliance and how we
deal with misconduct. We don't want to undercut those important motivations and
commitments.

So, in conclusion, let me just say that, of course, adherence to law is a
fundamental responsibility of companies, but it's not their only responsibility.
And as we seek to build law-abiding companies, we need to select methods that
recognize not only the obligation to obey the law, but also the responsibility
to produce goods and services needed by society in an efficient manner. We must
be careful to select methods that enable companies to compete effectively in a
global marketplace. Thanks very much.

WIN SWENSON: Thank you. Those were really wonderful comments and they have
given us a lot to think about. It's late, and so we'll stop. I'd like to just
close with three very brief thoughts. One is in response to the question, "Does
the Sentencing Commission have plans to do any further symposia in other parts
of the country?" I think it will be some time before we do it. On the
other hand, if you think it has been useful, you might want to note that on your
feedback form. Maybe there's something that we should do from time to time.

Second, I wanted to say how grateful we are to International Meetings,
Incorporated, IMI, which has done the production of this symposium and we think
has done really a wonderful job.

Finally, I wanted to just say in parting to you all, I think Senator Kennedy
had it right yesterday when he said that the issues and policies we've all been
thinking about over the last couple of days are matters that each of us can
positively influence in our own jobs. Whether we're in government or we work
inside of companies, whether we're in law firms, in business schools, or in law
schools, I think we can all make a contribution to thinking about these policies
and making them work.

Q. What is the current status of environmental guidelines for organizations --
is there a time frame for implementation? Is anything in the works for food and
drug crimes? What has slowed the Commission's actions?

A. Proposed environmental guidelines drafted by an outside panel of
practitioners, known as the "Advisory Working Group on Environmental
Sanctions," were submitted to the Sentencing Commission on November 16,
1993. Since that time, the President has appointed four new members to the
Commission, including a new chairman. As newly constituted, the Commission has
decided to complete a comprehensive review of the federal guideline system
before undertaking any significant new amendments. For this reason, the
Commission has not taken action on the Advisory Group's working proposal. After
its comprehensive review of the guidelines, the Commission expects to evaluate
this and other proposals on environmental guidelines that come to its attention.
The earliest that work on environmental guidelines might recommence would be
late 1996.

Regarding food and drug crimes, the Commission is now considering a staff
proposal that would delete the existing separate guideline, 2N2.1, for these
offenses and henceforth have them sentenced under 2F1.1, which generally governs
fraud offenses. One effect of this change would be that the fines provision of
the organizational guidelines would then apply to food and drug offenses. See
USSG 8C2.1. This proposal recently was published for comment. See 61
Fed. Reg. 79 (1996).

Practitioners are reminded that it is only the fines provisions of
the organizational guidelines (Part C) that do not now apply to environmental
and food and drug offenses. For example, the restitution and probation
provisions (Parts B and D, respectively) already apply to organizational
offenses.

Q. It appears that guideline penalties treat organizational size in a
backwards fashion -- i.e., a smaller organization is easier to police
than a larger one, yet the larger employer gets a higher culpability score. Is
this because of CEO involvement or because simply more is expected of larger
organizations?

A. Under the guidelines, larger organizations do not, per se, receive
higher culpability scores and penalties than smaller organizations. Under USSG
8C2.5(b), however, culpability scores (and thus potential fines) will increase
if organizational officials with responsibility for relatively higher numbers of
employees are found to have been involved in the offense. For example, if an
official with responsibility for 200 employees was involved in the offense, the
culpability score will be three points greater than it would have been
if only low-level employees had been involved. If an official with
responsibility for 5,000 employees was involved, the culpability score will be
five points higher than it would have been if only low level employees
had been involved.

The background commentary to this culpability score provision explains:

The increased culpability scores under subsection (b) are based on three
interrelated principles. First, an organization is more culpable when
individuals who manage the organization or who have substantial discretion in
acting for the organization participate in, condone, or are willfully ignorant
of criminal conduct. Second, as organizations become larger and their
managements become more professional, participation in, condonation of, or
willful ignorance of criminal conduct by such management is increasingly a
breach of trust or abuse of position. Third, as organizations increase in size,
the risk of criminal conduct beyond that reflected in the instant offense also
increases whenever management's tolerance of that offense is pervasive.

Q. Mr. Swenson was quoted in a newspaper as observing that certain people
have raised concerns that the practice in some industries of comparing notes on
how to fight corporate misconduct could, in fact, lead to collusion among
companies to
lower compliance standards. What is the Commission's view on this? Is
there an acceptable means by which a trade association can actually raise the
standard, e.g., use an outside entity such as someone in (or formerly
in) government or a law professor versed in this area to help develop a
framework for an effective program for a particular industry?

A. The Commission applauds efforts by industry groups to share information on
compliance program practices -- as long as the objective is to achieve "best
practices," not the lowest common denominator. There is no single agreed
upon approach as to how industries should proceed. The symposium segment
entitled "Sharing 'Best Practices' Information" examined several
possible models, and the Commission encourages further thinking and innovation
in this important area.

Q. Assume a statute allows for fines up to $200,000 for a certain type of
conduct, but the guidelines would require $500,000 in fines. Which prevails --
the statutory maximum ($200,000) or the guidelines ($500,000)? What legal basis
permits additional burdens (e.g., a high-dollar restitution order) over
and above the maximum statutory fine?

A. Consistent with congressional intent, the Sentencing Commission takes the
position that statutory sentencing parameters "trump" the guidelines
where a conflict exists. See USSG 5G1.1. Consequently, all guideline
fines are subject to limits established by statute. On the other hand, it is
expected that fine ranges generated by the organizational guidelines will
infrequently exceed statutory maxima. For example, the highest fine range
called for by the guidelines has a floor of two times the "base fine,"
which will often be the loss. See USSG 8C2.4, 8C2.6. Section 3571(d)
of title 18, United States Code, specifically authorizes fines up to twice the
loss. Thus, in most cases this statutory provision will authorize a fine within
the highest applicable guideline range, and other statutes may provide even
higher maxima.

By statute, restitution is a separate sanction from a fine. See 18
U.S.C. 3551, 3556. Thus, restitution may be ordered in addition to a fine.

Q. What if dollar amount of loss or pecuniary gain is low, but the product is
defective and is a critical safety-of-flight aircraft part? Is risk of harm or
bodily injury factored into an organization's sentence under the guidelines?

A. In fraud cases, risk of serious bodily injury may be directly reflected
in the base fine. See 8C2.4(a)(1), 2F1.1(b)(4). In other cases,
Chapter Eight authorizes an upward departure if the offense either resulted in,
or involved a foreseeable risk of, death or bodily injury that is not adequately
reflected in the fine. See USSG 8C4.2.

Q. Is there a protection so that by self-reporting the company does not
significantly increase its exposure far beyond the benefit gained from the
five-point culpability score reduction under the guidelines?

A. Disclosure of wrongdoing by companies is not only encouraged by the
guidelines but now by a number of other governmental policies as well. At the
symposium segment, "The Experience and Views of the Enforcement Community,"
representatives of the Justice Department's Criminal, Antitrust, and Environment
Divisions all spoke about voluntary disclosure programs and policies
administered by their respective Divisions. Eleanor Hill, the Inspector General
at the Department of Defense (DOD), spoke about DOD's voluntary disclosure
program in the "Finding Government's Message" segment of the
symposium.

Recently, the Environmental Protection Agency finalized a new policy called "Incentives
for Self-Policing: Discovery, Disclosure, Correction and Prevention of
Violations" that provides for reduced civil penalties when
companies disclose environmental violations and meet certain other criteria such
as having a sound "compliance management program." See 60
Fed. Reg. 66, 706 (1995).

While, overall, these government programs clearly provide substantial
benefits for self-reporting, some experts have posited that further policy or
legal changes may be warranted. See, e.g., symposium remarks by William
B. Lytton, Commissioner Michael Goldsmith, and Joseph E. Murphy.

Q. Can the judge include, as part of a sentence of probation, a requirement
that the corporation submit to unannounced examinations of corporate records by
probation officers or even agents to assure the court that the corporation has
not returned again to criminal conduct?

A. The court may order as a condition of probation that the company submit to "a
reasonable number" of such examinations for the purpose of ensuring that
the company is either: (1) following the dictates of its compliance program, or
(2) safeguarding its ability to pay a court-ordered monetary penalty. See
USSG 8D1.4(b)(1) and (c)(4).

Q. Under the guidelines, will the entire benefit of an effective compliance
program be lost if the offense is not promptly reported to the government?

A. Under USSG 8C2.5(f), the guideline benefit of having "an effective
program to prevent and detect violations of law" -- a three-point reduction
in the culpability score -- will be lost if the organization "unreasonably
delayed" reporting the offense after becoming aware of it. In other words,
this credit is not lost simply because the organization failed to report an
offense if the organization was unaware of it -- although on these facts a court
might infer that the organization's failure to detect the offense was
unreasonable and therefore indicated that its compliance program was undeserving
of culpability score credit. In terms of the
automatic elimination of the credit, what counts is whether the
organization
unreasonablydelayed reporting an offense after becoming aware
of it.

Q. If an organization truly has an effective compliance program and self
reports, why does not the fine range begin at $0.00 so that the incentive for
self compliance is truly maximized?

A. During the development of the organizational guidelines the Commission
debated, but ultimately rejected, building "zero fine" outcomes into
the guidelines. Enforcement community representatives persuaded the Commission
at that time that a guideline fine of zero would be unnecessary to encourage
compliance and self-reporting and, moreover, could send an undesirable signal
regarding the seriousness of criminal conduct. However, the Commission did
structure the organizational guidelines such that relatively nominal fines apply
when culpability is low. See USSG 8C2.5, 8C2.6. The Commission further
adopted a policy statement authorizing courts to consider departing below the
prescribed guideline fine range when culpability is especially low. See
USSG 8C4.11, p.s. In theory, a departure pursuant to this policy statement
can yield a zero fine.

Q. How is the Sentencing Commission going to ensure that federal prosecutors,
probation officers, and judges use Chapter Eight effectively? How does a
prosecutor analyze the "effectiveness" of a compliance program?

A. The Commission's enabling statute authorizes the Commission to "devise
and conduct periodic training programs" for persons whose professions are
affected by federal sentencing matters. See 28 U.S.C. 995(a)(17) and
(18). Consistent with this authority, the Commission has sponsored or otherwise
engaged in numerous nationwide training programs for probation officers, judges,
prosecutors and private sector practitioners of various kinds. Training has
covered both the individual and organizational sentencing guidelines.

That said, the Commission recognizes that a number of issues raised by the
organizational guidelines, such as the meaning of an "effective"
compliance program, are complex and relatively new to the criminal justice
field. For this reason, the Commission will monitor training needs in the field
and lend support as appears practical and necessary.

It might be noted that apart from Commission-sponsored training, the
organizational guidelines anticipate that courts may acquire expertise in
especially complex cases by appointing knowledgeable experts. See USSG
8D1.4(b)(2) and (c)(4). How federal prosecutors will approach these issues is
ultimately, of course, a matter of within the purview of the Department of
Justice. Views on how prosecutors may approach these issues were presented by
Justice Department officials at the symposium segment entitled "The
Experience and Views of the Enforcement Community."

Q. Joint ventures among major corporations are becoming more and more
commonplace in many industries -- what thoughts should the participants/parents
have regarding compliance programs of joint ventures?

A. In general, the guidelines' "carrot and stick" incentives -- e.g.,
to establish effective compliance measures -- would seem equally applicable to
joint ventures. If a violation occurs within a joint venture and the joint
venture is charged with and convicted of the offense, the joint venture's
compliance track record and general response to the offense will be assessed
under the guidelines in determining its penalty. For all practical purposes,
the same would be true if a parent were instead charged with and convicted of
the offense -- the joint venture's actions and conduct would be highly relevant
in determining whether the parent had an "effective" compliance
program with respect to its business endeavors.

Q. Does the Sentencing Commission provide certification or feedback on
proposed compliance plans?

A. No. The Sentencing Commission is not involved in the adjudication of
individual cases and has no authority to certify organizational compliance
plans.

Q. Does the Sentencing Commission have any plans to sponsor similar symposia
in other parts of the United States or to participate in conferences sponsored
by universities or other entities?

A. Although a significant number of symposium attendees suggested that the
Commission consider doing so, the Commission as yet has no plans to sponsor
future symposia on strengthening good-citizen corporations. The Commission does,
however, consider requests from outside entities for training assistance as
resources allow. Over the past several years, Commission representatives have
participated in a significant number of privately sponsored conferences around
the country on these and related issues.

Q. Do the guidelines require an organization to: (1) waive the
attorney-client privilege, (2) forbear from joint-defense agreements with
employees and third parties, and (3) waive or toll the statute of limitations at
any stage of the proceedings?

A. Although the submitted question does not specifically say, these issues are
usually raised in connection with the question of whether an organization --
despite pursuing one of the rights or remedies referred to -- can nevertheless
obtain culpability score credit for compliance efforts, cooperation, and
acceptance of responsibility. See USSG 8C2.5(f),(g).

Each of the relevant culpability score factors -- "an effective program
to prevent and detect violations of law" (i.e., a qualifying
compliance program under the guidelines) evidence that the organization "fully
cooperated in the investigation," and the organization's "acceptance
of responsibility" -- is defined by the guidelines. See USSG
8A1.2, comment. (n.3(k)), 8C2.5, comment. (n.12, 13). Because the relevant
definitions do not expressly speak to the three legal avenues asked
about, a definitive answer is not possible. Barring further clarifying
commentary from the Commission, courts will have to resolve these questions in
actual cases.

What can be said is that answers to these questions are likely to be resolved
on a case-by-case basis. For example, an organization might have a surpassingly
strong compliance program, fully and promptly disclose all relevant information
regarding the offense, and enter a joint defense agreement with an employee
solely for the purpose of litigating a nonfrivolous legal issue unrelated to
factual guilt (e.g., to address the applicability of a statute to the
defendants involved in the joint defense agreement). In such circumstances, a
court might well examine the definitional commentary in the guidelines and
conclude that the organization qualifies for compliance program, cooperation,
and acceptance of responsibility credit.

On the other hand, if the organization were to enter a joint defense
agreement with an employee whom its own investigation showed was involved in
criminal conduct, and then put the government to its burden of proof at trial by
denying the essential factual elements of guilt, a court might conclude that the
organization qualified for none of these mitigating factors. The possible
barriers to credit for cooperation and acceptance of responsibility are
relatively straightforward in this hypothetical; a court might conclude that
credit for the compliance program also should be denied for such reasons as:
(1) the organization failed to disclose an offense of which it was aware, see
USSG 8C2.5(f); (2) the organization failed to appropriately discipline employees
responsible for the offense, see USSG 8A1.2, comment. (n.3 (k)(6)); and
(3) the organization failed to respond appropriately to the offense. See id.,
(n.3(k)(7)).

With respect to waiver of the attorney-client privilege, it might be noted
that guideline credit for cooperation requires that "all pertinent information"
be disclosed, not all potentially relevant documents. See USSG 8C2.5,
comment (n.12)(emphasis added). Whether withholding a privileged
attorney-client communication would still allow an organization to satisfy the
guideline definition of "all pertinent information" -- and the
related question of whether disclosure of all pertinent information would effect
a legal waiver of the privilege -- are matters that must be resolved by the
courts.

Q. Have there been difficulties encountered by companies endeavoring to
implement compliance programs, getting such programs past unions or even less
formal employee groups?

Q. Have any companies been found to violate probation? What happened? How
are assistant United States attorneys verifying probation requirements --
especially those dealing with compliance programs?

A. While the Commission comprehensively collects information on the sentencing
of federal defendants, it currently has no mechanism for collecting information
on probation violations. Further study may be warranted.

In a case involving Consolidated Edison in New York, the judge followed an
approach anticipated by the guidelines, see USSG 8D1.4(c)(4), of placing
the organization on probation and requiring as a condition of probation that a
court-appointed monitor oversee the organization's development of the compliance
program. This case was discussed by Kirk Jordan at the symposium. The
court-imposed compliance plan in the Natural Medical Enterprises case discussed
by several symposium participants demonstrates verification tools available in a
non-probationary setting, i.e., under a consent decree. There, among
other things, the government required scheduled independent audits, third-party
verification of various activities and transactions, and specified reports and
notifications.

Q. By giving five points for self-reporting/cooperation and only three points
for an effective program, are we not undervaluing the need to have an effective
compliance program?

A. Under the organizational guidelines, there are two ways that an organization
may achieve maximum mitigation of the culpability score (and therefore of the
fine). Method One: have an effective compliance program, fully cooperate,
and accept responsibility. See USSG 8C2.5(f),(g). Method Two:
voluntarily disclose the offense, fully cooperate, and accept responsibility.
See USSG 8C2.5(g). Both methods lead to a five-point reduction in the
culpability score. The difference is that credit for cooperation and acceptance
of responsibility are required before credit for a voluntary disclosure
can be given. Credit for "an effective program to prevent and detect violations
of law" (three points by itself) does not depend on the organization's
qualifying for the two-point reduction for cooperation and acceptance of responsibility.